Here is my problem. I have multiple domains hosted on one Apache web server (virtual hosts). Two of them (a.com and b.com) use SSL certificates. I configured both with these commands:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ABC.crt
SSLCertificateKeyFile /etc/apache2/ssl/ABC.key
SSLCertificateChainFile /etc/apache2/ssl/ABC.chain.crt
SSLProtocol all -SSLv2
When I try to connect via browser (Chrome, Firefox, IE) it works fine and I get the right certificate. But on Android I got an exception: No peer certificate
Then I tried to test it with this command:
openssl s_client -connect b.com:443
It returns the certificate of a.com. Any suggestions as to what I've done wrong, given that I get the wrong certificate with openssl and Android?
There are probably multiple hosts on the same IP address and you need to use Server Name Indication (SNI) to access this site. To use SNI with openssl s_client use the -servername option, e.g. openssl s_client -connect b.com:443 -servername a.com. As for Android: according to https://developer.android.com/training/articles/security-ssl.html SNI is supported since 2.3 for HttpsURLConnection but not for Apache HTTP Client.