Apache :: SSL Error : HostName Provided via SNI & HTTP are differe

rskb4u · Joined: 14 Apr 2014 Posts: 25 Location: India

Hi,

We are getting the below message produced in error.log when accessing from mobile application. Even I have updated apache from 2.4.9 to 2.4.10 also. Still facing the same error like below.

[Thu Jul 31 15:27:10.934564 2014] [ssl:error] [pid 12000:tid 6520] AH02032: Hostname teampark3.sogeti.com. provided via SNI and hostname teampark3.sogeti.com provided via HTTP are different

How to resolve the issue?

Thank you,
Shiva Rudra

Jan-E · Joined: 09 Mar 2012 Posts: 1266 Location: Amsterdam, NL, EU

Did you notice the '.' behind the first teampark3.sogeti.com? Is there perhaps a servername of serveralias teampark3.sogeti.com. in your config files?

rskb4u · Joined: 14 Apr 2014 Posts: 25 Location: India

HI Jan-E,

Yes,

ServerName of ServerAlias in my config file. This is my VirtualHost Block.

<VirtualHost *:80>
ServerName teampark3.sogeti.com
ServerAlias teampark3.sogeti.com
ProxyRequests Off
ProxyErrorOverride Off
ProxyPass / http://teampark3.sogeti.com/
ProxyPassReverse / http://teampark3.sogeti.com/
<Proxy *>
Require all granted
</Proxy>
</VirtualHost>

How to resolve the issue?

Many Thanks,
Shiva Rudra

Jan-E · Joined: 09 Mar 2012 Posts: 1266 Location: Amsterdam, NL, EU

Looks OK, so I do not know. The ServerAlias line seems unnecessary, so maybe remove that one.

rskb4u · Joined: 14 Apr 2014 Posts: 25 Location: India

Thanks Jan-E,

For quick reply.

Then why I am getting the below error in my error.log file.

[Thu Jul 31 15:27:10.934564 2014] [ssl:error] [pid 12000:tid 6520] AH02032: Hostname teampark3.sogeti.com. provided via SNI and hostname teampark3.sogeti.com provided via HTTP are different.

and how to resolve this issue.

Best Regards,
Shiva Rudra

AdrianK_IT

Do you have separate virtual host block for the SSL connection?

<VirtualHost *:443>
etc

James Blond

Do you set Strict-Transport-Security ?

rskb4u · Joined: 14 Apr 2014 Posts: 25 Location: India

Hi James & AdrianK_IT,

NO, I don't set Strict-Transport-Security?
How to configure it ?
I don't has separate host block for SSL Connection.

My httpd.conf file is here...

Please read & suggest any changes that I have to do & Where to do?

Many Thanks,
Shiva Rudra

mod note: Do not post your config here! See the forum rules. Since I'm nice I posted it at http://pastebin.com/h2LRuCFg

AdrianK_IT

Well, totally baffled (and shocked). I'm no expert, but unless the info appears in your other .conf files (proxy-html.conf, httpd-ssl.conf, dsame.conf), you appear to be neither running an SSL-enabled site (no listen on port 443) nor a virtual host, just a 'real' one (so why include details of your eg ServerName inside a VirtualHost block?).

You are using a default httpd.conf without really tuning it to your needs. Is this a production server? Not advised! You haven't even altered the ServerAdmin entry to something meaningful!

James Blond

I shorted the config (no more comments) http://pastebin.com/NPWpzb0y

What is in the dsame.conf ?

rskb4u · Joined: 14 Apr 2014 Posts: 25 Location: India

Hi James,

we have OpenAM Agent for single Sign-on purpose, dsame.conf file will be used for that.

Please can any body help to resolve the issue?
[Thu Jul 31 15:27:10.934564 2014] [ssl:error] [pid 12000:tid 6520] AH02032: Hostname teampark3.sogeti.com. provided via SNI and hostname teampark3.sogeti.com provided via HTTP are different

No, this is not production server, development environment only, but we have same configuration in prod also.

Many Thanks,
Shiva Rudra