From: Shimi Gersner
haproxy supports generating SSL certificates based on SNI using a provided
CA signing certificate. Because CA certificates may be signed by multiple
CAs, in some scenarios, it is neccesary for the server to attach the trust chain
in addition to the generated certificate.
The
From: Shimi Gersner
The use of Common Name is fading out in favor of the RFC recommended
way of using SAN extensions. For example, Chrome from version 58
will only match server name against SAN.
The following patch adds SAN extension by default to all generated certificates.
The SAN extension
From: Shimi Gersner
Hi Team, William,
Took me some time to get back to this. This version resolves all
comments from previous patch.
As suggested, this is now the default behaviour.
PR Reference https://github.com/Azure/haproxy/tree/wip/sgersner/ca-features
Thanks,
Shimi.
Shimi Gersner (2):
3 matches
Mail list logo