openssl -connect returns wrong certificate

♀尐吖头ヾ submitted on 2020-01-11 08:35:11

Question


Here is my problem. I have multiple domains hosted on one Apache web server (virtual hosts). Two of them (a.com and b.com) use SSL certificates. I configured both with these commands:

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/ABC.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ABC.key
    SSLCertificateChainFile /etc/apache2/ssl/ABC.chain.crt
    SSLProtocol             all -SSLv2

When I try to connect via browser (Chrome, Firefox, IE) it works fine and I get the right certificate. But on Android I got an exception: No peer certificate

Then I tried to test it with this command:

    openssl s_client -connect b.com:443

It returns the certificate of a.com. Any suggestions as to what I've done wrong, given that I get the wrong certificate with openssl and Android?


Answer 1:


There are probably multiple hosts on the same IP address and you need to use Server Name Indication (SNI) to access this site. To use SNI with openssl s_client use the -servername option, e.g. openssl s_client -connect b.com:443 -servername a.com. As for Android: according to https://developer.android.com/training/articles/security-ssl.html SNI is supported since 2.3 for HttpsURLConnection but not for Apache HTTP Client.



Source: https://stackoverflow.com/questions/24613339/openssl-connect-returns-wrong-certificate
