

Is WHM SNI support buggy?




Posted by LampNetworks, 05-15-2014, 05:53 PM
Has anybody else noticed that only the *primary domain* listed at "WHM » Home » SSL/TLS » Manage SSL Hosts" with certificates using SNI is valid? All other (non-primary) domains listed have the following warning: SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details: ERROR: no certificate subject alternative name matches. If you make a non-primary domain primary, the above error is fixed: http://www.whynopadlock.com/index.html Is this a known bug? Is there a known fix?

Posted by nixtree, 05-15-2014, 06:32 PM
What is your OS ( version ) and cPanel version?

Posted by LampNetworks, 05-15-2014, 08:20 PM
CentOS 6 & 11.42.1 The hosting platform is supportive of SNI, and all SSL checkers confirm good SSL installs as does whynopadlock.com when the domain is made primary in above list. If others see similar issue then it's worth asking cPanel support.

Posted by Julien@Hostabulous, 05-15-2014, 08:54 PM
We have no issues here, just checked

Posted by LampNetworks, 05-15-2014, 09:07 PM
Would you mind confirming please? Your non primary domains listed at WHM » Home » SSL/TLS » Manage SSL Host return "Valid Certificate found" when tested here: http://www.whynopadlock.com/index.html

Posted by IH-Chris, 05-15-2014, 09:58 PM
Why not check the Certificate details from your browser and see which CRT is being delivered and for which (sub)domain?

Posted by LampNetworks, 05-15-2014, 10:19 PM
I have done and nothing seems to be wrong and all SSL checkers show nothing wrong either. However, a client was insistent he was having issues with wireless installation software that uses itms-services protocol for download manifests accessed through https to Apple. The only clue I got was from above site and the only fix (found by chance) was to make the domain primary (client site works flawlessly now). As there can only be one primary I checked the non primaries and was shocked at the results. I'm trying to determine if this is a bug in WHM or something else, hopefully others will do some checks and reply.

Posted by IH-Chris, 05-15-2014, 10:41 PM
If you checked the details and everything was correct for you, but not for him... odd. "SSL verification issue (Possibly mis-matched URL or bad intermediate cert.)" Is the correct intermediate installed for this? Edit: Was the SSL installed by the client, from cPanel? It might be likely that all that was needed was an Apache restart before you switched the domains around. Last edited by IH-Chris; 05-15-2014 at 10:44 PM.

Posted by LampNetworks, 05-16-2014, 05:48 AM
cPanel support say this isn't a bug in cPanel. It happens to be a limitation of SNI and using several certificates on the same host domain. The error seen at whynopadlock.com for the non-primary domains is a side effect of multiple domains sharing an IP and using SSL certificates. The fact that the above Apple web app only works with SSL domains marked as primary indicates that the software isn't able to handle SNI certificates. Making the domain "Primary" just allows it to work with non-SNI-compatible software.
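
The behaviour described in the last post can be confirmed by comparing the certificate a shared IP serves with and without the SNI extension. The following is an added example, not part of the thread or of cPanel's tooling; the function names and the `primary.example` / `secondary.example` certificates are constructed for illustration.

```python
import socket
import ssl

def fetch_cert(ip, port=443, sni=None):
    """Return the certificate a server presents; sni=None sends no SNI extension."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name matching is done below, per hostname
    with socket.create_connection((ip, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()

def san_dns_names(cert):
    """DNS entries of subjectAltName from a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(hostname, pattern):
    """Exact match, or a '*' wildcard covering only the left-most label."""
    h = hostname.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[1:] == p[1:]
    return h == p

def covers(hostname, cert):
    return any(name_matches(hostname, n) for n in san_dns_names(cert))

def diagnose(hostname, cert_with_sni, cert_without_sni):
    """Classify a vhost by which clients can validate its certificate."""
    if not covers(hostname, cert_with_sni):
        return "misconfigured"       # wrong even for SNI-capable clients
    if covers(hostname, cert_without_sni):
        return "ok-for-all-clients"  # this is the IP's primary certificate
    return "sni-required"            # non-SNI clients get another site's cert

# Constructed sample certificates (not taken from the thread).
PRIMARY = {"subjectAltName": (("DNS", "primary.example"), ("DNS", "www.primary.example"))}
SECONDARY = {"subjectAltName": (("DNS", "secondary.example"), ("DNS", "*.secondary.example"))}

if __name__ == "__main__":
    # A client that sends no SNI is always handed the primary certificate.
    print(diagnose("primary.example", PRIMARY, PRIMARY))
    print(diagnose("secondary.example", SECONDARY, PRIMARY))
```

Against a live server, pass `fetch_cert(ip, sni=hostname)` and `fetch_cert(ip)` as the two certificates; a result of `sni-required` matches the warning reported for non-primary domains.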


