Hi Jarno,

Thanks for your quick reply. That results in the correct certificate. I've
been digging in the client application and it seems that this does not
support SNI. So far it looks client related. Thanks!

Regards,

Martin


On Wed, Jul 23, 2014 at 11:13 AM, Jarno Huuskonen <[email protected]>
wrote:

> Hi,
>
> On Wed, Jul 23, Martin van Diemen wrote:
> > Hi,
> >
> > I'm using multiple certificates for haproxy. All certificates are placed
> > in one folder and this works great when using a web browser.
> >
> > frontend https-in
> >         bind x.x.x.x:443 ssl crt ./certs/
> >
> >         # Add a header at the end of the HTTP request.
> >         reqadd X-Forwarded-Proto:\ https
> >
> >         default_backend default_servers
> >
> > When I run "openssl s_client -connect subdomain.domain.tld:443" I get the
> > wrong certificate. The certificate which is alphabetically the latest in
> > the folder is returned (and incorrect).
>
> Have you tried with:
> openssl s_client -servername subdomain.domain.tld -connect \
>         subdomain.domain.tld:443
>
> (with -servername openssl s_client should send SNI information:
>  -servername host  - Set TLS extension servername in ClientHello)
>
> -Jarno
>
> --
> Jarno Huuskonen
>
