No scratch that, this is wrong.
On 04/10/2017 04:57 PM, Sander Hoentjen wrote:
> The attached patch against haproxy 1.7.5 honours crt order also for
> wildcards.
>
> On 04/07/2017 03:42 PM, Sander Hoentjen wrote:
>> Hi Sander,
>>
>> On 04/06/2017 02:06 PM, Sander Klein wrote:
>>> Hi Sander,
>>>
>>> On 2017-04-06 10:45, Sander Hoentjen wrote:
>>>> Hi guys,
>>>>
>>>> We have a setup where we sometimes have multiple certificates for a
>>>> domain. We use multiple directories for that and would like the
>>>> following behavior:
>>>> - Look in dir A for any match, use it if found
>>>> - Look in dir B for any match, use it if found
>>>> - Look in dir .. etc
>>>>
>>>> This works great, except for wildcards. Right now a domain match in dir
>>>> B takes precedence over a wildcard match in dir A.
>>>>
>>>> Is there a way to get haproxy to behave the way I describe?
>>> I have been playing with this some time ago and my solution was to
>>> just think about the order of certificate loading. I then found out
>>> that the last certificate was preferred if it matched. Not sure if
>>> this has changed over time.
>> This does not work for wildcard certs, it seems they are always tried last.
>>
>> Regards,
>> Sander
>>
