Wrong Certificate listed for a URL

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Wrong Certificate listed for a URL

Postby garth » May 06 18 6:15 am

When browsing the website hosted on a web hosting server. The underlying server name is used by Wingate instead of the website URL.
Using the following URL https://www.sccmug.ca/

Without Wingate, the correct Domain is listed.
Wingate.png
Wingate.png (87.48 KiB) Viewed 1857 times


With Wingate
No Proxy.png
No Proxy.png (88.07 KiB) Viewed 1857 times


You can clearly see that Wingate is using the underlying hostname and not the URL domain name.

So, how exactly do you get Wingate to use the URL/Domain name for the cert and NO the underlying hostname?
garth
 
Posts: 11
Joined: Jul 20 14 8:58 am

Re: Wrong Certificate listed for a URL

Postby adrien » May 08 18 11:30 pm

Hi Garth

Hosting servers use the SNI extension to TLS to choose which certificate to use. In the SNI (Server Name Indication) extension, the TLS client sends the name of the server it thinks it's connecting to. Servers will have a default cert which to use if the client doesn't send SNI.

This was done so that multiple https sites could be hosted on a single IP, prior to SNI, there could be only 1 cert per IP address.

WinGate's SSL inspection in the WWW proxy allows you to turn off sending SNI upstream. Actually it usually would make no sense to turn it off, and you might expect the server to then have trouble choosing the right certificate.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: Google [Bot] and 31 guests

cron