Hi,
On Wed, Jul 23, Martin van Diemen wrote:
> Hi,
>
> I'm using multiple certificates for haproxy. All certificates are places in
> one folder and this works great when using a webbrowser.
>
> frontend https-in
> bind x.x.x.x:443 ssl crt ./certs/
>
> # Add a header at the end of the HTTP request.
> reqadd X-Forwarded-Proto:\ https
>
> default_backend default_servers
>
> When I run "openssl s_client -connect subdomain.domain.tld:443" I get the
> wrong certificate. The certificate which is alphabetically the latest in
> the folder is returned (and incorrect).
Have you tried with:
openssl s_client -servername subdomain.domain.tld -connect \
subdomain.domain.tld:443
(with -servername openssl s_client should send SNI information:
-servername host - Set TLS extension servername in ClientHello)
-Jarno
--
Jarno Huuskonen
