> On 18.09.2018 at 15:44, Houser, Rick <rick.houser@xxxxxxxxxxx> wrote:
> In the same vein, I’ve been running this patch on our builds to get around a warning for certificates not matching the hostname. Certificates are not expected to match the hostname with many load balancing/uptime detection schemes, and this one logs a LOT when it trips on every vhost. Perhaps this patch should share the same fate as decided for the TLS missing SNI issue?
Not sure I understand your setup here. Is this the ServerName from the global server? Otherwise, in a VirtualHost why would you not set the ServerName to the hostname you are serving?
Envision a TCP load balancer routing TLS-crypted traffic across a number
of internal hosts, with each of the named virtual hosts presenting the correct
certificate, and known to httpd by their ServerAlias on the outer-facing interface.
Not terminated at the edge balancer.
There is the issue of keeping TLS session key encoding in sync across
the backends, obviously.
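
An added example, not part of the thread or of httpd: a small Python audit that separates vhosts whose certificate matches only a ServerAlias (the pass-through load balancer layout described above) from vhosts whose certificate matches no configured name. The host names, addresses and SAN lists are constructed, and it is an assumption here that the warning under discussion compares the certificate against ServerName only.

```python
import re

# Constructed sample: backend vhosts behind a pass-through TCP load balancer.
# ServerName is the internal host name; the public names are ServerAlias entries.
SAMPLE_CONF = """
<VirtualHost 10.0.0.11:443>
    ServerName web01.internal.example
    ServerAlias www.example.com example.com
</VirtualHost>
<VirtualHost 10.0.0.11:443>
    ServerName shop.example.com
</VirtualHost>
"""
# Constructed subjectAltName DNS entries of each vhost's certificate, by ServerName.
SAMPLE_SANS = {
    "web01.internal.example": ["www.example.com", "example.com"],
    "shop.example.com": ["*.example.com"],
}

def parse_vhosts(conf):
    """Return [(server_name, [aliases])] for each <VirtualHost> block."""
    vhosts = []
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        aliases = []
        for m in re.finditer(r"^\s*ServerAlias\s+(.+)$", block, re.M | re.I):
            aliases += m.group(1).split()
        vhosts.append((name.group(1) if name else None, aliases))
    return vhosts

def san_matches(san, host):
    """RFC 6125-style match: '*' is accepted only as the whole left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def classify(conf, sans_by_vhost):
    """Map ServerName -> 'match', 'alias-only' or 'mismatch'.
    Assumption: only the 'match' case stays silent in the server log."""
    result = {}
    for name, aliases in parse_vhosts(conf):
        sans = sans_by_vhost.get(name, [])
        covered = lambda h: any(san_matches(s, h) for s in sans)
        if name and covered(name):
            verdict = "match"
        else:
            verdict = "alias-only" if any(covered(a) for a in aliases) else "mismatch"
        result[name] = verdict
    return result
```

A vhost reported as `alias-only` is the intentional case from the thread, while `mismatch` points at a certificate that serves none of the names configured for that vhost.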