experimenting a bit more with SSL, I came to realize that I dan’t know where the Web-Server Default SSL is used. I assumed it would be offered if an https request comes in for a domain, that has no certificate or if one would call https://server_IP. But it’s not, another siteworx account’s SSL cert is served.
John has written in the past, that one should simply set up the server hostname as a siteworx account (and I assume install the respective SSL cert there), but then I don’t get what the Web-Server Default SSL in Nodeworx is used for. Can anybody explain?
I had also hoped to be able to circumvent this workaround by mapping the default site (in Nodeworx - Server - IP Management - Default Sites) to http://server_hostname - but no luck.
Out of pure curiosity I have created second sitworx account and installed a ssl cert for it’s master domain. I then removed the cert of the first account’s master domain. There are some secondary domains in that account with SSL certs attached to them and sure enough, one of those certs get’s picked, when calling https://server_IP.
I would have expected the cert of the second siteworx account’s master domain to be used. Hmm…
The reason for the experiment is simple: I would like to understand the logic behind which cert is offered. If we understand that, we might be able to influence that. Is it picked aplphabetically? By date? Any other factor?
By the way, the quickest way to check which cert is beig used as default is to look at Nodeowrx - Server - IP Management - System IPs. The little certificate image next to the IP shows the default certificate used on mouse over. I’d love to be able to understand and better yet, change that.
Hi Michael
I hope your well
The SNI SSL works alphabetically, so on our server, we have 1sh as a domain, and set LE SSL on this, so this is always the default SSL where a website is not setup for https. The 1 is the important, as in 1sh.
This is because of how SNI works, if https exits, it will use that SSL, if no https exists, it uses first alphabetically.
The mapping of http only works on none https
I’m sorry, I would have to think about secondary domain SSL, and even test, so I’ll come back to you, unless another user knows and posts, but kudos about ssl shown in nodeworx, I did not know that sorry
I hope that helps, but sorry if I am wrong
Many thanks
John