Http Error 400 Host does not match sni

Question

Good afternoon all.
 
I wonder if anyone has seen this before and may be able to offer a solution.please?
 
I have an AEM publisher instance, version 6.5.14, sitting behind an apache web server 2.4.6, running dispatcher module version 2.4-4.3.2
This web server has 5 virtual hosts configured, and has been working well for some months.
 
When I update the the dispatcher module to version .2.4-4.3.5, when requesting pages, I now get the errorHTTP Error 400 Host does not match SNI
 
This is an org.eclipse.jetty.http.BadMessageException, so I assume that the error is coming from the AEM publish server, which I have not made any changes to.
 
Any advice on resolving this would be appreciated.

neilwebbcbs · Answer

Finally got to the bottom of this..It would seem that somewhere between dispatcher 4.3.3 and 4.3.5, dispatcher is now passing the external domain name of the website in the host header when calling the publish server,  All requests from the dispatcher to the publish server are made with the publish servers internal host name, and this is what was configured as the cn it its ssl certificate.I can recreate the 400 error code with curl, by including a host header of the external domain.My solution to this is is to include all the external domain names as SAN entries on the publish server

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded