multiple certificate and domains, one ip
HF <hakan(at)mojja.com>
2008-04-12 21:20:34
Hello


I'm trying to set up a pound that can handle two domains with different certificates.
Both domains are pointing to the same IP. I want pound to answer with the correct SSL cert
depending on the HeadRequire parameter.

I.e., not getting the "This certificate belongs to domain1.com" when I visit the other one.

I get the question to enter the passphrase for both, but on the second one it always fails.
Switching the order gives the same result. Using only one cert works perfectly.

Any thoughts or solutions?


Thanks in advance
/HF


The config file I'm testing with:


ListenHTTPS
     Address 192.168.1.9
     Port    443
     Cert    "/etc/pki/tls/certs/domain1.pem"

   Service

     HeadRequire "Host: .*domain1.com.*"

     BackEnd
       Address 192.168.1.12
       Port    80
     End

     Session
       Type  IP
       TTL  300
     End
   End

End


ListenHTTPS
     Address 192.168.1.9
     Port    443
     Cert    "/etc/pki/tls/certs/domain2.pem"

   Service

     HeadRequire "Host: .*domain2.com.*"

     BackEnd
       Address 192.168.1.12
       Port    80
     End

     Session
       Type  IP
       TTL  3000
     End
   End

End

Re: [Pound Mailing List] multiple certificate and domains, one ip
Eirik Øverby <eirik.overby(at)modirum.com>
2008-04-12 21:39:35
I believe this is a FAQ, and pretty well described on the pound website.

In short, what you're trying to do is not possible. SSL is negotiated  
*BEFORE* HTTP request headers are sent, at which point you cannot  
switch certificates.

/Eirik

On Apr 12, 2008, at 21:20, HF wrote:
[...]
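
Following the reply above, the certificate is presented before any Host header arrives, so a HeadRequire line cannot choose between the two Cert files in the posted configuration. As an added example (not part of the original thread and not Pound's own code), this Python check lists ListenHTTPS blocks that share one Address and Port; the function names and the trimmed sample config are constructed for illustration.

```python
from collections import defaultdict
# Constructed sample: the two listeners from the thread, trimmed.
SAMPLE_CFG = '''
ListenHTTPS
    Address 192.168.1.9
    Port    443
    Cert    "/etc/pki/tls/certs/domain1.pem"
    Service
        HeadRequire "Host: .*domain1.com.*"
        BackEnd
            Address 192.168.1.12
        End
    End
End
ListenHTTPS
    Address 192.168.1.9
    Port    443
    Cert    "/etc/pki/tls/certs/domain2.pem"
End
'''
BLOCKS = {"listenhttp", "listenhttps", "service", "backend", "emergency", "session"}

def parse_https_listeners(text):
    """Collect Address, Port and Cert values of each top-level ListenHTTPS block."""
    listeners, current, depth = [], None, 0
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key in BLOCKS:
            depth += 1
            if depth == 1:  # only HTTPS listeners are tracked
                current = {} if key == "listenhttps" else None
        elif key == "end":
            if depth == 1 and current is not None:
                listeners.append(current)
            depth = max(depth - 1, 0)
        elif depth == 1 and current is not None and key in ("address", "port", "cert"):
            current.setdefault(key, []).append(value)  # nested BackEnd values are skipped
    return listeners

def cert_conflicts(text):
    """Map each (address, port) used by more than one HTTPS listener to its certs."""
    by_socket = defaultdict(list)
    for lst in parse_https_listeners(text):
        by_socket[tuple(lst.get(k, [""])[0] for k in ("address", "port"))].append(lst)
    return {sock: sorted({c for l in group for c in l.get("cert", [])})
            for sock, group in by_socket.items() if len(group) > 1}
```

Calling `cert_conflicts(SAMPLE_CFG)` reports the shared 192.168.1.9:443 socket together with both certificate paths; an empty result means no two HTTPS listeners share an address and port.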