Multiple SSL certificates
"Tyler Collard" <tcollard(at)gmail.com>
2007-07-06 07:43:47
A quick question,

I can't seem to find this anywhere and my tests lead me to believe I can't,
but am I able to specify more than one Cert statement under a listener? What
I would like is to be able to use Cert under different Service branches for
different domains in a virtual host environment. Is this possible? Or must I
find a way to cram all of these different domains into one certificate?

Thanks,

Tyler

Re: [Pound Mailing List] Multiple SSL certificates
Kenneth Burgener <kenneth(at)mail1.ttak.org>
2007-07-06 08:01:47
Tyler Collard wrote:[...]


Tyler,

You can do multiple certs under a pound configuration, as long as you do
them under different listeners.  You cannot use multiple certs with one
listener though, as this is a limitation of SSL.  The problem is the
client will communicate with the server, handshake the certificate, and
then unwrap the HTTP traffic, which is where you would find the domain,
but by then it is too late.

An exception to this is if you wish to do a wildcard certificate; you
could do many subdomains under one listener.  For my test servers, I
created a self-signed cert that is for domain "*", and then once I have
accepted the certificate once I can do any domain under my virtual
environment.

Kenneth
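
The layout described in the reply above, as an added example that is not part of the original thread: one ListenHTTPS block per certificate, plus one wildcard listener serving several subdomains. The addresses (documentation ranges), certificate paths, host names and back-end addresses are constructed placeholders, and it assumes each listener can be given its own IP address.

```conf
# Added example (not from the thread); all addresses, paths and host
# names below are constructed placeholders.
# The certificate is fixed per listener: it is presented during the SSL
# handshake, before the Host header can be read. HeadRequire only routes
# the request after it has been decrypted.

# Listener 1: one domain, one certificate, its own address.
ListenHTTPS
    Address 192.0.2.10
    Port    443
    Cert    "/etc/pound/www.example.com.pem"   # PEM file: certificate + private key
    Service
        HeadRequire "Host: .*www.example.com.*"
        BackEnd
            Address 10.0.0.11
            Port    8080
        End
    End
End

# Listener 2: wildcard certificate for *.example.org, so several
# subdomains can share this listener and be split by Service.
ListenHTTPS
    Address 192.0.2.11
    Port    443
    Cert    "/etc/pound/wildcard.example.org.pem"
    Service
        HeadRequire "Host: .*shop.example.org.*"
        BackEnd
            Address 10.0.0.21
            Port    8080
        End
    End
    Service
        HeadRequire "Host: .*mail.example.org.*"
        BackEnd
            Address 10.0.0.22
            Port    8080
        End
    End
End
```

A request for a host name that the listener's certificate does not cover still reaches the matching Service, but the client sees a certificate name mismatch warning first.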
