Apply the patch posted by Jonas Pasche.
http://jonaspasche.com/pound/Pound-2.6-altnames.patch

Post Message here
http://www.apsis.ch/pound/pound_list/archive/2012/2012-02/1329442080000


Joe

> -----Original Message-----
> From: Andrew Heberle [mailto:[email protected]]
> Sent: Tuesday, April 03, 2012 2:00 AM
> To: [email protected]
> Subject: [Pound Mailing List] Problem with SAN (Subject Aternate Name)
> certificates
> 
> Hi,
> 
> I have multiple certificates defined in my pound config and the correct
> certificate is used based on the subject name however the correct
> certificate is not used when visiting the site using one of the
> alternative names.
> 
> Is this configuration supported by pound? If so, what am I doing wrong.
> 
> I am running Pound 2.6 (compiled from source) on a completely up to
> date install of Debian 6 (squeeze).
> 
> Here is my config (altered slightly to protect the innocent):
> 
> ListenHTTPS
>       Address 192.168.254.5
>       Port 443
> 
>       # Normal certificate (default)
>       Cert /etc/pound/site1.domain.com.pem
>       # SAN certificate
>       Cert /etc/pound/site2.domain.com.pem
> 
>       AddHeader "Front-End-Https: on"
> 
>       Service "service1"
>               HeadRequire "Host: site1.domain.com"
> 
>               BackEnd
>                       Address 192.168.7.10
>                       Port 80
>               End
>       End
> 
>       Service "service2"
>               HeadRequire "Host: (site2|site3|site4).domain.com"
> 
>               BackEnd
>                       Address 192.168.7.11
>                       Port 80
>               End
>       End
> End
> 
> With this config access to "site1.domain.com" correctly uses the first
> (default) certificate.
> 
> Access to "site2.domain.com" correctly uses the second certificate
> (site2.domain.com is in the subject name of the second certificate)
> however access to "site3.domain.com" or "site4.domain.com" uses the
> first certificate (site3 and site4 are subject alternate names in the
> second certificate).
> 
> Regards,
> 
> Andrew
> 
> --
> To unsubscribe send an email with subject unsubscribe to
> [email protected].
> Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to