How does haproxy handle overlaps and wildcards?
For example, if I have a cert for '*.domain.com' and 'something.domain.com'
Does it automatically pick the more specific match? Similar question for certs with SANs - does it consider the
alternative names in the selection process?
And lastly, what if I want "everything without a specific cert to use cert X, even
though hostname doesn't match".
-- Nathan
On 01/22/2015 12:57 PM, Lukas Tribus wrote:
Is there any way to use SNI + specify the server name
to certificate mapping?
To specifically tell it "for requests coming in with SNI
of ttrss.neulinger.org, use this certificate instead".
Is there any way to do this equivalent with haproxy?
There is no need to, HAproxy does this automatically for you:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-crt
Lukas
--
------------------------------------------------------------
Nathan Neulinger nn...@neulinger.org
Neulinger Consulting (573) 612-1412