How to hide "Alterative names" SSL certificates (in SSLlabs test)?

nginx ssl-certificate domain-name

Solution 1:

If your server is contacted with an older https protocol (without SNI), or even by using its IP address instead of a domain name, Nginx will choose the default server block and use whichever certificate is associated with it.

The test results you are seeing are simply identifying which server block is the default.

You can choose which certificate Nginx should use in these cases, by marking one of your server blocks (which listen for https connections) with the default_server attribute.

For example:

server {
    listen 443 ssl default_server;
    ssl_certificate     ...;
    ssl_certificate_key ...;
    ...
}

You can even choose to reject these connections with a return 444; statement, but you will still need a valid certificate to negotiate the connection in the first place.

See the documentation on default servers and HTTPS servers.

Related

How can I create a non-ssh VPN on debian/linux?
How do I disable SSL 2.0 support on IIS?
Postfix rejects emails relayed from O365
What role does /etc/mailname play in postfix?
Is there any way to find out how many hits you receive from bots, on an IIS6 site? [closed]
Forcing `mount` to bypass nfs kernel limitations in relation to the nfs version
Run commands in open X session
Office 2008 with Network/Mobile Accounts
How do you disable or uninstall NetRestore from a NetBoot server?
Finding deleted/imported files in SFTP server using logs
mysql: set default charset to utf8
Load Balance Web Farm on EC2 [closed]