Friday, October 12, 2012, 2:55:13 PM, you wrote: > On 12 October 2012 11:12, Scott McKeown <[email protected]> wrote: >> can you >> just send over a quick and dirty basic config file so that I can see this in >> its full glory. >> I'm not saying that your incorrect or anything I just don't seem to be able >> to get my head around how each service will work out what certificate it >> should be using.
> Which is exactly why I made my original post :) > Yes I am wanting to use SNI for SSL (so SSLv3), not UUC/SAN or Wildcard certs. > On 12 October 2012 10:18, Sander Eikelenboom <[email protected]> wrote: >> Yes just load all certificates: >> Cert "cert1.pem" >> Cert "cert1.pem" >> Cert "certX.pem" >> > That is how I imagined it, however I was hoping someone could post a > "working" config. I can't seem to find one on the Internet anywhere. > Instead all I can find are people who are trying to do this but it's > not working (or working correctly) for them; > http://www.apsis.ch/pound/pound_list/archive/2011/2011-10/1319110163000#1319110163000 > http://www.apsis.ch/pound/pound_list/archive/2011/2011-06/1309186898000#1309186898000 > http://www.apsis.ch/pound/pound_list/archive/2011/2011-04/1302190284000 > I wasn't near the load-balancer yesterday so I couldn't even try and > guess (I was guessing in my head though that specifying multiple > "Cert" statements was probably the way). In that last post, Sander, > you supplied a patch. I'm using Pound 2.6. Is it worth me applying > that Patch? Well there isn't much to it: ListenHTTPS Address 0.0.0.0 Port 443 Cert "/etc/pound/subdomain1.domain.pem" Cert "/etc/pound/subdomain2.domain.pem" ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: xHTTP 2 HeadRemove "X-Forwarded-For" Service HeadRequire "(Host: subdomain1.domain.tld)" BackEnd Address 192.168.1.1 Port 443 HTTPS End End Service HeadRequire "(Host: subdomain2.domain.tld)" BackEnd Address 192.168.1.2 Port 443 HTTPS End End End I you have a problem, add some printk's in the source were pound does the matching of the certificates. Most probably if you have a problem, the domain/subdomain, isn't in the right place in the certificate. > Many thanks all for being so prompt and helpful! > James. > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
