[PATCH v3 1/2] MEDIUM: ssl: Support certificate chaining for certificate generation

2020-08-23 Thread gersner
From: Shimi Gersner haproxy supports generating SSL certificates based on SNI using a provided CA signing certificate. Because CA certificates may be signed by multiple CAs, in some scenarios, it is necessary for the server to attach the trust chain in addition to the generated certificate. The

[PATCH v3 2/2] MINOR: ssl: Support SAN extension for certificate generation

2020-08-23 Thread gersner
From: Shimi Gersner The use of Common Name is fading out in favor of the RFC recommended way of using SAN extensions. For example, Chrome from version 58 will only match server name against SAN. The following patch adds SAN extension by default to all generated certificates. The SAN extension

[PATCH v3 0/2] Certificate Generation Enhancements

2020-08-23 Thread gersner
From: Shimi Gersner Hi Team, William, Took me some time to get back to this. This version resolves all comments from previous patch. As suggested, this is now the default behaviour. PR Reference https://github.com/Azure/haproxy/tree/wip/sgersner/ca-features Thanks, Shimi. Shimi Gersner (2):