@cleytonmessias
Created April 28, 2014 14:03
depth=1 C = BM, O = QuoVadis Limited, CN = QuoVadis Global SSL ICA G2
verify error:num=20:unable to get local issuer certificate
verify return:0
HTTP/1.1 200 OK
Date: Mon, 28 Apr 2014 14:01:42 GMT
Server: Apache/2.4
Cache-Control: max-age=0
Expires: Mon, 28 Apr 2014 14:01:42 GMT
Connection: close
Content-Type: text/html; charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>TLS SNI Test Site: *.sni.velox.ch</title>
</head>
<body>
<h2>TLS SNI Test Site: *.sni.velox.ch</h2>
<p><strong>Great! Your client
sent the following TLS server name indication extension
(<a href="http://www.rfc-editor.org/rfc/rfc6066.txt">RFC 6066</a>)
in its ClientHello </strong>(negotiated protocol: TLSv1.2, cipher suite: ECDHE-RSA-AES256-GCM-SHA384)<strong>:</strong></p>
<pre> <strong>testando.sni.velox.ch</strong></pre>
<p>In your request, this header was included:</p>
<pre> Host: testando.sni.velox.ch</pre>
<p>
This Web server is running <a href="http://httpd.apache.org/">Apache httpd</a>'s mod_ssl,
linked against a version of <a href="http://www.openssl.org/source/">OpenSSL</a>
with support for TLS extensions. Apache httpd 2.2.12 was the first official release
featuring TLS SNI capabilities.
</p>
<p>
For the current connection (established at Mon Apr 28 14:01:42 UTC 2014),
<code>httpd</code> is assuming that the certificate
with <strong>CN=*.sni.velox.ch</strong> is the correct one.
Apache is configured as shown below and uses three certificates,
(kindly provided by <a href="http://www.quovadisglobal.com/" target="_blank">QuoVadis</a>),
where CN=alice.sni.velox.ch, CN=bob.sni.velox.ch, and CN=*.sni.velox.ch.
Based on the information your client submitted, the highlighted
<code>VirtualHost</code> has been selected for your viewing pleasure:
</p>
<pre>
Listen 443
# NameVirtualHost is only needed for httpd 2.2.x
NameVirtualHost *:443
&lt;VirtualHost *:443&gt;
SSLEngine On
ServerName <a href="https://alice.sni.velox.ch/">alice.sni.velox.ch</a>:443
ServerAlias <a href="https://carol.sni.velox.ch/">carol.sni.velox.ch</a>
DocumentRoot /var/www/html/alice
SSLCertificateFile /etc/pki/tls/certs/alice.sni.velox.ch.crt
SSLCertificateKeyFile /etc/pki/tls/private/alice.sni.velox.ch.key
# <a href="/misc/certs/alice.sni.velox.ch.crt.pem">alice.sni.velox.ch.crt</a> has a subjectAltName extension
# with two dNSName entries: alice.sni.velox.ch and
# carol.sni.velox.ch
# Since this VirtualHost is listed first, it's also
# the default one and will get selected if none
# of the others match
&lt;/VirtualHost&gt;
&lt;VirtualHost *:443&gt;
SSLEngine On
ServerName <a href="https://bob.sni.velox.ch/">bob.sni.velox.ch</a>:443
ServerAlias <a href="https://dave.sni.velox.ch/">dave.sni.velox.ch</a>
DocumentRoot /var/www/html/bob
SSLCertificateFile /etc/pki/tls/certs/bob.sni.velox.ch.crt
SSLCertificateKeyFile /etc/pki/tls/private/bob.sni.velox.ch.key
# <a href="/misc/certs/bob.sni.velox.ch.crt.pem">bob.sni.velox.ch.crt</a> has a subjectAltName extension
# with two dNSName entries: bob.sni.velox.ch and
# dave.sni.velox.ch
&lt;/VirtualHost&gt;
<strong style="font-size:120%;">&lt;VirtualHost *:443&gt;
SSLEngine On
ServerName <a href="https://mallory.sni.velox.ch/">mallory.sni.velox.ch</a>:443
ServerAlias <a href="https://www.sni.velox.ch/">*.sni.velox.ch</a>
ServerAlias <a href="https://sni.velox.ch/">sni.velox.ch</a>
DocumentRoot /var/www/html/mallory
SSLCertificateFile /etc/pki/tls/certs/mallory.sni.velox.ch.crt
SSLCertificateKeyFile /etc/pki/tls/private/mallory.sni.velox.ch.key
# <a href="/misc/certs/mallory.sni.velox.ch.crt.pem">mallory.sni.velox.ch.crt</a> has a subjectAltName extension
# with two dNSName entries: *.sni.velox.ch and
# sni.velox.ch
# Since it has a wildcard DNS name, it will match for any
# VirtualHost below .sni.velox.ch which is not explicitly configured
&lt;/VirtualHost&gt;</strong>
</pre>
<p>Clicking on the <code>ServerName</code> and <code>ServerAlias</code> links should
get you to these VirtualHosts. The <code>.crt</code> links will show the certificates
in PEM format, preceded by an OpenSSL text dump.</p>
<p>Browsers/clients with support for TLS server name indication:</p>
<ul>
<li><a href="http://www.opera.com/browser/">Opera 8.0 and later</a> (the TLS 1.1 protocol must be enabled)</li>
<li><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx">Internet Explorer 7 or later</a> (under Windows Vista and later only, not under Windows&#160;XP)</li>
<li><a href="http://www.mozilla.com/firefox/">Firefox 2.0 or later</a></li>
<li><a href="http://curl.haxx.se/">Curl 7.18.1 or later</a> (when compiled against an SSL/TLS toolkit with SNI support)</li>
<li><a href="http://www.google.com/chrome/">Chrome 6.0</a> or later (on all platforms - releases up to 5.0 only on specific OS versions)</li>
<li><a href="http://www.apple.com/safari/">Safari 3.0 or later</a> (under OS X 10.5.6 or later and under Windows Vista and later)</li>
</ul>
<p><small>Last updated 2013-05-08, Kaspar Brand (contact: sni velox ch, insert "@" before and "." after "velox")</small></p>
</body>
</html>
read:errno=0
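The output above is what `openssl s_client` prints for a connection in which the client sent `testando.sni.velox.ch` in the server_name extension and Apache answered from the wildcard VirtualHost. Two things are worth reading off it: `verify error:num=20` at depth=1 means the client could not find the issuer of the QuoVadis intermediate in its local trust store (typically `s_client` run without `-CAfile`/`-CApath`), and `s_client` keeps going after a verification failure, which is why the HTTP 200 still follows. The script below is an added example, not code from this gist or from sni.velox.ch: it produces a ClientHello carrying the SNI extension (a real one from the local OpenSSL via memory BIOs, plus a hand-built constructed one), parses the extension back out the way the test site reports it, and routes the name using the three-VirtualHost layout shown in the page. The names `client_hello_with_sni`, `minimal_client_hello`, `extract_sni`, `name_matches`, `select_vhost` and the `VHOSTS` table are this example's own. The wildcard rule used is the certificate-matching rule from RFC 6125 (one label per `*`), which is what decides whether `*.sni.velox.ch` is valid for a given host; it is not a reproduction of Apache's ServerAlias glob.

```python
"""Added example (not part of the gist or of sni.velox.ch): build a ClientHello
with the server_name extension (RFC 6066), extract the name server-side, and
route it to a VirtualHost using the page's three-vhost layout."""
import ssl
import struct
from typing import List, Optional, Tuple


def client_hello_with_sni(server_name: str) -> bytes:
    """Real ClientHello from the local OpenSSL, captured with no network.

    An SSLObject over memory BIOs writes its first flight into the outgoing
    BIO on do_handshake(); the handshake then stalls waiting for the server."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello written, ServerHello never arrives
    return outgoing.read()


def minimal_client_hello(server_name: Optional[str] = None) -> bytes:
    """Constructed, deterministic ClientHello (TLS 1.2, one cipher suite,
    all-zero random), with or without an SNI extension, for offline tests."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + len(name).to_bytes(2, "big") + name   # name_type 0 = host_name
        sni = len(entry).to_bytes(2, "big") + entry            # ServerNameList
        ext = b"\x00\x00" + len(sni).to_bytes(2, "big") + sni  # extension type 0 = server_name
        body += len(ext).to_bytes(2, "big") + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # msg_type 1 = ClientHello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs  # record type 22 = handshake


def extract_sni(data: bytes) -> Optional[str]:
    """Return the host_name from the ClientHello's server_name extension,
    or None when the client sent no SNI (what a pre-SNI client does)."""
    handshake = b""
    off = 0
    while off + 5 <= len(data):                      # reassemble handshake records
        ctype, _ver, rlen = struct.unpack("!BHH", data[off:off + 5])
        if ctype != 22:
            raise ValueError("not a handshake record")
        handshake += data[off + 5:off + 5 + rlen]
        off += 5 + rlen
    if not handshake or handshake[0] != 1:
        raise ValueError("not a ClientHello")
    body = handshake[4:4 + int.from_bytes(handshake[1:4], "big")]
    p = 2 + 32                                       # client_version + random
    p += 1 + body[p]                                 # session_id
    p += 2 + int.from_bytes(body[p:p + 2], "big")    # cipher_suites
    p += 1 + body[p]                                 # compression_methods
    if p >= len(body):
        return None                                  # no extensions block at all
    end = p + 2 + int.from_bytes(body[p:p + 2], "big")
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", body[p:p + 4])
        edata = body[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype != 0:
            continue
        q = 2                                        # skip ServerNameList length
        while q + 3 <= len(edata):
            ntype = edata[q]
            nlen = int.from_bytes(edata[q + 1:q + 3], "big")
            name = edata[q + 3:q + 3 + nlen]
            q += 3 + nlen
            if ntype == 0:                           # 0 = host_name
                return name.decode("ascii")
    return None


# The three VirtualHosts from the page, in file order (the first is the default).
VHOSTS: List[Tuple[str, List[str]]] = [
    ("alice", ["alice.sni.velox.ch", "carol.sni.velox.ch"]),
    ("bob", ["bob.sni.velox.ch", "dave.sni.velox.ch"]),
    ("mallory", ["mallory.sni.velox.ch", "*.sni.velox.ch", "sni.velox.ch"]),
]


def name_matches(pattern: str, host: str) -> bool:
    """Certificate-style matching (RFC 6125 s6.4.3): a leading '*' covers
    exactly one label, so '*.sni.velox.ch' matches testando.sni.velox.ch
    but neither sni.velox.ch nor a.b.sni.velox.ch. That is why the page's
    third vhost lists sni.velox.ch explicitly next to the wildcard."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix, labels = pattern.split(".")[1:], host.split(".")
        return len(labels) == len(suffix) + 1 and labels[1:] == suffix
    return pattern == host


def select_vhost(sni: Optional[str]) -> str:
    """First vhost whose ServerName/ServerAlias matches the SNI name; the
    first vhost in the file when nothing matches or no SNI was sent."""
    if sni is not None:
        for vhost, patterns in VHOSTS:
            if any(name_matches(pat, sni) for pat in patterns):
                return vhost
    return VHOSTS[0][0]


if __name__ == "__main__":
    for hello in (client_hello_with_sni("testando.sni.velox.ch"),
                  minimal_client_hello("bob.sni.velox.ch"),
                  minimal_client_hello()):
        sni = extract_sni(hello)
        print(f"SNI={sni!r:28} -> vhost {select_vhost(sni)}")
```

The `None` branch is the case the page's browser list is about: a client that sends no server_name lands on the first VirtualHost and is shown `alice.sni.velox.ch`'s certificate regardless of which host it asked for, which is the certificate-mismatch error pre-SNI clients see on name-based TLS hosting.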