How do you get AOL's OpenID site verification to work?

Question

I have an OpenID relying party setup and using XRDS. It passes the \"RP has discoverable return_to\" interop test over at http://test-id.org/RP/DiscoverableReturnTo.aspx.

Answer 1

When verifying the return_to value, AOL doesn’t support the RFC 4366 TLS "Server Name Indication" (SNI) extension, which allows multiple SSL certificates on the same IP address. If your server is so configured, AOL will only see the default certificate for the IP address. If it doesn’t happen to match the certificate of the relying website, AOL will (incorrectly) report an error.

i.e. This is an AOL bug.