On 4/5/2011 1:42 PM, W. Jeffrey Brown wrote:
I've looked all over and can't find this answer

We have pound running and passing traffic off for two hosts. Each host has it's 
own set of servers.

What I need to know is what the proper configuration would be for each host to 
have its own ssl cert.

Here is a sanitized version of the pound config that we are using.


# Replace "localhost" by your IP or host name
ListenHTTPS
     Address 0.0.0.0
     Port 443
     Cert "/opt/pound/ssl/server.pem"
     Client 15
     RewriteLocation 0

     Service
         BackEnd
             Address WWW.XXX.YYY.ZZZ
             Port 80
             Timeout 15
         End
     End
End

ListenHTTP
     Address 0.0.0.0
     Port 80
     Client 15
     RewriteLocation 0

     Service
         HeadRequire "Host:.*domain1.com.*"

         BackEnd
             Address 192.168.99.196
                       Port 80
                       Timeout 15
         End
         BackEnd
             Address 192.168.99.197
                       Port 80
                       Timeout 15
         End
     End

     Service
         HeadRequire "Host:.*domain2.com.*"

         BackEnd
             Address 192.168.99.198
                       Port 80
                       Timeout 15
         End
         BackEnd
             Address 192.168.99.199
                       Port 80
                       Timeout 15
         End
         BackEnd
             Address 192.168.99.200
                       Port 80
                       Timeout 15
         End
     End
End

There's 2 easy choices:

1) Get 1 cert with both CN fields on it. Most SSL providers offer these for not much more (I have one that allows 5 names on 1 cert from Godaddy - it wasn't expensive).

2) Move them to different IPs and then update your ListenHTTP/HTTPS blocks, specifying the different certs for each IP.

Regards,
--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
http://www.redterror.net/

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to