Understand ssl setup

apache-2.2 ssl sni

The confusion here is between SSL negotiation and apache vhost handling. This is what happens:

If a user connects without supporting SNI, Apache can't at first know which vhost the user wants, since the host name is hidden within the SSL encryption. So apache will use the first SSL certificate it finds for the SSL negotiation. Once the client has accepted that certificate and finished the negotiation, then Apache will be able to decrypt the request and handle it just as if the client had been supported SNI from the start.

So there is never any HTTP request to the SAN server - there's just an SSL negotiation which uses the certificate from the SAN server before figuring out which vhost to use for the HTTP request. Apache logs only the HTTP requests, not the SSL negotiations.

Related

SSH key exchange is not working
Dealing with multiple private DNS servers
Copy NT user accounts between servers
nginx location pathing issue
What should I do if I find someone is brute forcing my server password?
Recommended Backup Media for Circa 2009?
what is gen_clust_index used for in mysql?
Is there a way to do something like LVM over NFS?
SFTP user can't edit or create files
Definition of Fully qualified domain name
SQL Server memory constantly going up, from 1GB RAM used to 7GB in a week
centos: using epel repository on a server machine