AnsweredAssumed Answered

Certificate name mismatch for some IPs of

Question asked by Walter Trent on Nov 16, 2013
Latest reply on Nov 18, 2013 by Walter Trent

As far as I know, SSL Server Test supports SNI. However it does not work for, for example "fails" with "Certificate name mismatch" error (cached page: ). According to this page, the certificate is valid for *, and openssl s_client has no problem with server identification:


openssl s_client -connect -servername
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority


Is there a problem with SSL Test or with Google?