On Tue, Apr 12, 2011 at 12:15 AM, Joseph Hardeman <[email protected]> wrote: > HI, > > Considering these are for a customer and they have already purchased their > certs, I don't want to go through the hassle of converting them and causing > them any issues.
I don't see how this would inconvenience anybody, it is a pretty straightforward operation. It is done server-side and won't impact the customer or CA etc. https://support.servertastic.com/entries/323869-moving-ssl-certificate-from-iis-to-apache You are simply exporting the cert/key from IIS, which will insist on encrypting them. Then you are decrypting them using openssl to a PEM format file so it can be used by software other than IIS. > Now we can stick with the examples on the haproxy site using mode tcp, but I > was wondering is there a way via ACL's or something to do something along > the lines of reading the requested domain name and sending that traffic to a > specific server or set of servers? Of course not, if you are doing TCP mode with SSL traffic, how are you going to inspect the traffic at the proxy? Remember, it is encrypted.
