Apply the patch posted by Jonas Pasche. http://jonaspasche.com/pound/Pound-2.6-altnames.patch
Post Message here http://www.apsis.ch/pound/pound_list/archive/2012/2012-02/1329442080000 Joe > -----Original Message----- > From: Andrew Heberle [mailto:[email protected]] > Sent: Tuesday, April 03, 2012 2:00 AM > To: [email protected] > Subject: [Pound Mailing List] Problem with SAN (Subject Aternate Name) > certificates > > Hi, > > I have multiple certificates defined in my pound config and the correct > certificate is used based on the subject name however the correct > certificate is not used when visiting the site using one of the > alternative names. > > Is this configuration supported by pound? If so, what am I doing wrong. > > I am running Pound 2.6 (compiled from source) on a completely up to > date install of Debian 6 (squeeze). > > Here is my config (altered slightly to protect the innocent): > > ListenHTTPS > Address 192.168.254.5 > Port 443 > > # Normal certificate (default) > Cert /etc/pound/site1.domain.com.pem > # SAN certificate > Cert /etc/pound/site2.domain.com.pem > > AddHeader "Front-End-Https: on" > > Service "service1" > HeadRequire "Host: site1.domain.com" > > BackEnd > Address 192.168.7.10 > Port 80 > End > End > > Service "service2" > HeadRequire "Host: (site2|site3|site4).domain.com" > > BackEnd > Address 192.168.7.11 > Port 80 > End > End > End > > With this config access to "site1.domain.com" correctly uses the first > (default) certificate. > > Access to "site2.domain.com" correctly uses the second certificate > (site2.domain.com is in the subject name of the second certificate) > however access to "site3.domain.com" or "site4.domain.com" uses the > first certificate (site3 and site4 are subject alternate names in the > second certificate). > > Regards, > > Andrew > > -- > To unsubscribe send an email with subject unsubscribe to > [email protected]. > Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
