Topic: SSL Error : HostName Provided via SNI & HTTP different

[paul613]

hi all,

First time poster here. I have searched the forum on this, found a couple of threads that were similar but not exact. We have our main company url, let's call it main.company.com, and an alias that is used for certain pages, let's call that alias.company.com. Our site runs on http & https, but all http requests are redirected to https

Since upgrading the firmware on our router/firewall at the weekend, users are getting a lot of 'bad request' messages, quite randomly. The weird thing is, they are using the website that exclusively uses the main.company.com url, but we see entries in the apache error log such as:

Hostname main.company.com provided via SNI and hostname alias.company.com provided via HTTP are different

Previously, 'main' and 'alias' were both set up as A records pointing to the same IP. Today, we changed 'alias' to be a CNAME for 'main' but no difference, we get the same errors. We have been going around clearing the browser cache for affected users, but the error comes back.

I have put relevant parts of the various config files here http://apaste.info/ZcE

Let me know if you need to see anything else. Other info:

OS: Ubuntu 12.04.5
Apache: 2.2.22
PHP: 5.3.10

As I say this has only happened since we upgraded the firmware on our router/firewall (a Fortinet 300D), so I'm not sure if something is happening there, but the requests are reaching the server and most of the time they are fine, then (seemingly) randomly, for the same user, the 'Bad Request' message will appear and the above error will be in the apache log.

Thanks in advance for any help/insights,
Paul

[James Blond]

It seems that your firewall is sniffing the traffic and that is why there is an issue.

I would contact the vendor since it worked before t he upgrade.

[jraute]

Cisco ASA Firewall?

[James Blond]

[jraute]

Sorry, i read over it.