Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI -- Mismatch, SSL Test gives back a different domain name

Question

Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI -- Mismatch, SSL Test gives back a different domain name

Raghava Sai Akula 406

I have few applications hosted in IIS on a windows server. which are routed through Azure APP Gateway.

I'm enhancing the SSL configuration across all my domains. Upon running the ssllabs.com test revealed a second certificate(Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI) being sent wrongly by my server.

My server sends an certificate for one of my other domains.

For instance, when testing ABC.ca, Certificate #2 is issued to another domain def.com(because one of my other site with smallest/lowest priority in APP gateway listener Rules). Although the SSL rating for the site is A+

User's image

I followed the below URL and edited Hosts and added certificates under web hosting

Lex Li 6,037 Reputation points

2024-04-01T21:31:18.1666667+00:00

Are you able to run a command like netsh http show sslcert to reveal all HTTPS bindings on this machine? https://docs.lextudio.com/jexusmanager/tutorials/https-binding#ip-based-bindings Certificates associated with SNI bindings shouldn't be disclosed to SSLLabs, but the IP based bindings might. So you should ensure you don't have IP based ones (unless that's what you initially planned).

Your answer

Lex Li 6,037 Reputation points

2024-04-01T21:31:18.1666667+00:00

Are you able to run a command like netsh http show sslcert to reveal all HTTPS bindings on this machine? https://docs.lextudio.com/jexusmanager/tutorials/https-binding#ip-based-bindings Certificates associated with SNI bindings shouldn't be disclosed to SSLLabs, but the IP based bindings might. So you should ensure you don't have IP based ones (unless that's what you initially planned).

Share via

Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI -- Mismatch, SSL Test gives back a different domain name

Your answer