Am 28.09.2014 um 19:15 schrieb Jason Strongman: > When you say 'incoming' request, do you mean > > 1. client to ATS ? > or > 2. ATS to origin ? > > Based on my understanding of the multiple certificate documentation, to > support this configuration, ATS requires > multiple IPs. > Also based on my understanding, ATS does not support serving multiple > certificates if the TLS/SSL service only > listens on one socket.
no - the reason for SNI is to provide a hostname from the client and ATS is choosing the correct certificate based on that SNI name as well httpd does if you would need different IP's / sockets SNI would be pointless the reason for SNI is that you need only one IP for multiple SSL sites hence MSIE on WinXP is not supported [root@testserver:~]$ cat /etc/trafficserver/ssl_multicert.config ssl_cert_name=afi.testserver.rhsoft.net.pem ssl_cert_name=contentlounge.testserver.rhsoft.net.pem ssl_cert_name=mailadmin.testserver.rhsoft.net.pem ssl_cert_name=rhsoft.testserver.rhsoft.net.pem ssl_cert_name=testserver.rhsoft.net.pem ssl_cert_name=uploadprogress.testserver.rhsoft.net.pem ssl_cert_name=webmail.testserver.rhsoft.net.pem > On Sun, Sep 28, 2014 at 11:26 AM, Reindl Harald <[email protected] > <mailto:[email protected]>> wrote: > > > Am 28.09.2014 um 18:24 schrieb Jason Strongman: > > Version - 4.2.1.1 > > Mode - Reverse Proxy > > > > Objective: To support multiple SSL sites, each with their own > certificate, and only use one IP/Port. > > Does ATS support SNI for incoming requests as described in the below > links? > > ATS supports *only* SNI for incoming requests
signature.asc
Description: OpenPGP digital signature
