Another odd thing is that both certs are loaded even if the ECC cert doesn't have the proper name.
In my testing with a bind line of bind :8443 ssl crt ./var/tls/localhost.pem the ECC cert is loaded if it is in that directory no matter what the file name is. -Bryan On Thu, Dec 3, 2015 at 2:15 PM, Bryan Talbot <[email protected]> wrote: > On Thu, Dec 3, 2015 at 2:00 PM, Dave Zhu (yanbzhu) <[email protected]> > wrote: > >> Hey Bryan. >> >> I noticed that you gave HAProxy a directory. You have to give it the name >> of the cert instead of the directory. >> >> So your config should be: >> >> bind :8443 ssl crt ./var/tls/localhost.pem >> >> >> > > I get the same behavior with that configuration. > > Hopefully loading certs from a directory instead of naming them all will > be enabled in a future patch since I think a lot of existing configs load > them that way. > > -Bryan > >
