Multiple Certs and Keys

Yick Xie yick.xie at gmail.com
Sun Jun 26 22:40:27 PDT 2016


Hello Nikos,

Today I just upgraded gnutls to 3.4.13, but this problem still
exists. I even self-signed two certs based on 2 domains such as
a.domain.com and b.domain.com. When connecting via the second cert,
the AnyConnect client always popped up "Certificate does not match the
server name". I have already added the dns_name and kept it the same as
the CN. Is there something I missed in the configuration?

Regards,
Yick

2016-05-20 13:58 GMT+08:00 Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com>:
> On Tue, 2016-05-10 at 06:14 +0800, Yick Xie wrote:
>> I tested and it did not work. Still the first one in the order would
>> be delivered, the case is the same as IP cert.
>>
>> ONE cert was issued with dns_name="xxx.com";
>> TWO cert was issued with dns_name="vpn.yyy.net".
>> The gnutls is 3.3.18, some more configuration to enable SNI? How to
>> verify my environment? Perhaps due to some other outdated libs?
>
> I verified that was an issue affecting ocserv. That is solved with the
> new gnutls releases (3.3.23 or 3.4.12).
>
> regards,
> Nikos
>



More information about the openconnect-devel mailing list