I'm currently running into some peculiar behavior with SNI, and I'm wondering if any of you might be able to offer suggestions. I'm not sure if it's a bad config, a bug, or a limitation of the software.
I have a Tomcat instance that has two SSLHostConfig elements applied. The first is the default SSLHostConfig. The second SSLHostConfig has a hostName of HOST.domain.com. The Certificate entry for this SSLHostConfig contains a certificate that has HOST.domain.com in its SAN field. When I open Chrome and try to load https://HOST.domain.com/, the request that goes across the wire is for https://host.docfinity.com. I immediately receive a security warning from Chrome, and when I look at the certificate that's returned, it's the certificate for the default host config. Are SSLHostConfig.hostName attribute values case sensitive in Tomcat? I have looked through the documentation and it does not seem to specify either way.