Hi, I think this is just related to IE 8 on Windows XP not supporting SNI. But I could be wrong.
Greets, Sander

On 8 Jul 2013, at 18:50, Jürgen Haas <[email protected]> wrote:

> This is a follow-up question to the other thread "SSL Problem -
> Untrusted Connection" which has meanwhile been resolved, thanks to Lukas
> and Duncan. My PEM files are now working properly.
>
> Here is what I have in the config file:
>
> frontend https-in
>     bind :443 ssl crt /var/proxy/certs/fallback.pem crt /var/proxy/certs/domain1.pem crt /var/proxy/certs/domain2.pem
>     use_backend ssl_backend
>
> Now, when calling https://domain1 this works from all modern platforms
> and browsers. But a lot of customers with older equipment (i.e. most of
> them from within banking networks - no kidding) are reporting that their
> browser (IE8 on XP as an example) is warning them when visiting domain1
> on SSL. As I couldn't reproduce that problem from elsewhere, I just
> installed XP and IE8 and bang, yes I get the same warning.
>
> What happens is that HAProxy is using the fallback certificate.
>
> When I remove that and only have this config:
>
> frontend https-in
>     bind :443 ssl crt /var/proxy/certs/domain1.pem
>     use_backend ssl_backend
>
> Then everything works also on older systems.
>
> I think, from that we can assume that the certificates are just fine.
> But something with HAProxy seems not quite right for all circumstances
> if there is more than one CRT in one bind statement.
>
> If anyone needed an environment for testing and reproduction, please let
> me know. I can provide more info or even access to our system if that's
> necessary.
>
> Thanks
> Jürgen

