Hi,

I have multiple certificates defined in my pound config, and the correct 
certificate is used based on the subject name; however, the correct certificate 
is not used when visiting the site using one of the alternative names.

Is this configuration supported by pound? If so, what am I doing wrong?

I am running Pound 2.6 (compiled from source) on a completely up to date 
install of Debian 6 (squeeze).

Here is my config (altered slightly to protect the innocent):

ListenHTTPS
        Address 192.168.254.5
        Port 443

        # Normal certificate (default)
        Cert /etc/pound/site1.domain.com.pem
        # SAN certificate
        Cert /etc/pound/site2.domain.com.pem

        AddHeader "Front-End-Https: on"

        Service "service1"
                HeadRequire "Host: site1.domain.com"

                BackEnd
                        Address 192.168.7.10
                        Port 80
                End
        End

        Service "service2"
                HeadRequire "Host: (site2|site3|site4).domain.com"

                BackEnd
                        Address 192.168.7.11
                        Port 80
                End
        End
End 

With this config, access to "site1.domain.com" correctly uses the first 
(default) certificate.

Access to "site2.domain.com" correctly uses the second certificate 
(site2.domain.com is in the subject name of the second certificate); however, 
access to "site3.domain.com" or "site4.domain.com" uses the first certificate 
(site3 and site4 are subject alternate names in the second certificate).

Regards,

Andrew
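
The behaviour reported above, modelled as an added example (not part of the original post and not Pound's code): it compares certificate selection by subject CN only with selection that also checks subject alternative names. The certificate contents are constructed from the post's description, and the CN-only strategy is an assumption that is consistent with the symptoms, not something the post confirms.

```python
from dataclasses import dataclass, field

@dataclass
class Cert:
    path: str
    cn: str
    sans: list = field(default_factory=list)

# Constructed from the post's description; the first entry is the default.
CERTS = [
    Cert("/etc/pound/site1.domain.com.pem", "site1.domain.com"),
    Cert("/etc/pound/site2.domain.com.pem", "site2.domain.com",
         ["site2.domain.com", "site3.domain.com", "site4.domain.com"]),
]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only replace the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        label, _, rest = h.partition(".")
        return bool(label) and rest == p[2:]
    return p == h

def presented_names(cert):
    # When dNSName SANs are present they take precedence over the CN.
    return cert.sans or [cert.cn]

def select_cn_only(certs, sni):
    """Assumed behaviour: compare the SNI name with each subject CN only."""
    for c in certs:
        if name_matches(c.cn, sni):
            return c
    return certs[0]  # fall back to the default (first) certificate

def select_san_aware(certs, sni):
    """Compare the SNI name with every name the certificate covers."""
    for c in certs:
        if any(name_matches(n, sni) for n in presented_names(c)):
            return c
    return certs[0]

def report(certs, hosts):
    """Per host: (host, selected path, client would accept?) for each strategy."""
    rows = []
    for h in hosts:
        a, b = select_cn_only(certs, h), select_san_aware(certs, h)
        ok = lambda c: any(name_matches(n, h) for n in presented_names(c))
        rows.append((h, a.path, ok(a), b.path, ok(b)))
    return rows

if __name__ == "__main__":
    for row in report(CERTS, [f"site{i}.domain.com" for i in range(1, 5)]):
        print(row)
```

Under the CN-only model, site3 and site4 fall through to the default certificate and the client sees a name mismatch, which matches the symptom in the post.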
