-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hallo,
is it possible with HAProxy to generate a certificate for each incoming hostname on the fly? I will use subca for HAProxy. I think to generate the certificates on the fly is cooler, then a certificate for each hostname. I found possibilities to generate the certificate, but this doesn't work :-( bind unix@/var/run/haproxy_ssl_ecc.sock accept-proxy ssl crt /etc/haproxy/ecc_star.rennecke.dyndns.dk.pem ca-sign-file /etc/haproxy/ecc_subca.pem ecdhe secp521r1 user nobody generate-certificates ecc_subca.pem included the the subca and the key. The key has no pass phrase. I will balance some other (fun) TLDs with haproxy - my small home automation project Cheers, Michael - -- Mein aktuelles Projekt: https://0rph3us.github.io/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJV6g3/AAoJEGF+uAbudcb+Y3EP/29hfN4PFB6cyHFP8hpim/Cf 0HT5O0/6HQXeYjTrHZVJKdsjy+HuXTPsvrgzoLvQMW/XYS1VaPKqeraoPP1Hs/RN kXRCJLI6OFpg3XdSuA/XOoZEzlqak73zkJyKKIL+zJjiJwvvlcV77zH7sITxWdqb NAGop15BzphwaFtQuKP/HNkEAX7J/309L4Z0vwx1nBPhxzpo9VEoz1JnCdON58lN mr1r61YhLc/xl/my4QnNXqE7HTi+BNmy5uadjFetgMnqZCaE+h3lfp6+6pi2a7tn tZht4/N0OYiplhYyhvCXLWXLuK5WpO/Q1JlG8jFvDgKrupvqj2IHMnaBAMB+GWL/ cwDYDpWyJO2WuDVgFtHGC8Rp2qJRZRxtG9CsIxBohjwOrni2v88W8lb5V8ky+wfw ZQ6DHTVFF55ciY/Jh0KjbhS0RC8aSeFgXRMhbGlTCV+n5eo4EvJnQQxRBHE87NsM Ok2fWyyVEAfsTTq9ZIQWjWe34t9Bs67ZojNdINzvy6D2guERfGqzUmrZn+K6TPVc 17eRJ6ycLMi8NwoH68JygZ8NmszF4y3vb9fSTvhfLTOqpmZBgLKyENbxKcKIciez 6nJEeR/y1tCfJkIb3IJkSpXcQuwDux7+18k2QvkW48NG+Vl9FbmDECko2ad/iTcG MH5Jc/xPNumL5YvwEkB1 =LOI3 -----END PGP SIGNATURE-----
