
erroneous www. dns resolving

Question asked by Andreas Riddering on Mar 10, 2015
Latest reply on Mar 13, 2015 by Andreas Riddering

I just registered a domain and bought a vServer for some SSL-testing purposes. Let's say the domain resolves to IP and so does the second subdomain

(edit:) and two certs from StartSSL for those two subdomains, so cert 1 is valid for and and the cert 2 is valid for and of course.


After some testing I tried to harden and turned off some ciphers. Because Apache can't decide which vHost to use before the TLS handshake, it seems it always takes the protocols given in the first vHost. Let's say something like SNI is missing to set other protocol configs. Anyhow, that's how it seemed to be for me. So I ordered a second IP, let's say and set to point to this IP. The next scans showed up some errors I guess you would like to avoid.


Although the report says "Prefix handling: Not required for subdomains", the test obviously resolves the sub-subdomain This seems to be a little bit odd to me. And brought up the error, because of the wildcard DNS entry, gets resolved to and in this case, it's the "wrong" vHost and so the certificate doesn't match and so one gets this error message.


If the Summary says that prefix handling is not required for subdomains, maybe it would be a good idea not to resolve the www.sub-subdomain.


I would offer to reconfigure my domains back (aka simply delete the entry) and give it to you for testing purposes.