2 SSL certificates

ssgill

Hello, I have enabled SNI and got an SSL certificate from GoDaddy. All well and good, but when I tested on SSL Labs it shows me 2 certificates for the site.

Certificate #1: RSA 4096 bits (SHA256withRSA)

This one is from GoDaddy and expected.


Certificate #2: RSA 2048 bits (SHA1withRSA) No SNI

This one was self-generated before I got the GoDaddy certificate. How do I remove this one?

I installed the certificate from DirectAdmin.

Thanks
 
This is because you have SNI enabled.

SNI is an extension on top of SSL/TLS where the client (browser) sends the hostname (e.g. www.mysafesite.com) it wants to connect to as part of the SSL handshake (as this is encrypted). This gives the server enough info to select the correct SSL certificate to present.

But... if a client (the SSL Labs check you might be referring to) explicitly does not send this hostname (the no-SNI check), then the server has no idea what certificate to present to the client (having no hostname defaults to an SSL connection to the IP address); the server will present the cert defined in Apache's vhost for x.x.x.x:443 (you might find this, IIRC, in /etc/httpd/conf/extra/httpd-vhosts.conf).
This means you might put your SSL cert there, and this will result in 1 (and only 1!) website passing this second check.

Sorry, the TL;DR version is (I should have started with this, right?):

Add your cert in /etc/httpd/conf/extra/httpd-vhosts.conf if you manage your own server, or
get a dedicated IP.
 