Problem with SAN (Subject Alternate Name) certificates
Andrew Heberle <Heberle_Andrew(at)saxxon.com.au>
2012-04-03 07:59:39
Hi,

I have multiple certificates defined in my pound config and the correct
certificate is used based on the subject name; however, the correct certificate
is not used when visiting the site using one of the alternative names.

Is this configuration supported by pound? If so, what am I doing wrong?

I am running Pound 2.6 (compiled from source) on a completely up to date
install of Debian 6 (squeeze).

Here is my config (altered slightly to protect the innocent):

ListenHTTPS
	Address 192.168.254.5
	Port 443

	# Normal certificate (default)
	Cert /etc/pound/site1.domain.com.pem
	# SAN certificate
	Cert /etc/pound/site2.domain.com.pem

	AddHeader "Front-End-Https: on"

	Service "service1"
		HeadRequire "Host: site1.domain.com"

		BackEnd
			Address 192.168.7.10
			Port 80
		End
	End

	Service "service2"
		HeadRequire "Host: (site2|site3|site4).domain.com"

		BackEnd
			Address 192.168.7.11
			Port 80
		End
	End
End 

With this config access to "site1.domain.com" correctly uses the first
(default) certificate.

Access to "site2.domain.com" correctly uses the second certificate
(site2.domain.com is in the subject name of the second certificate); however,
access to "site3.domain.com" or "site4.domain.com" uses the first certificate
(site3 and site4 are subject alternate names in the second certificate).

Regards,

Andrew

RE: Problem with SAN (Subject Alternate Name) certificates
Joe Gooch <mrwizard(at)k12system.com>
2012-04-03 16:55:26
Apply the patch posted by Jonas Pasche.
http://jonaspasche.com/pound/Pound-2.6-altnames.patch

Post Message here
http://www.apsis.ch/pound/pound_list/archive/2012/2012-02/1329442080000


Joe

> -----Original Message-----
> From: Andrew Heberle [mailto:Heberle_Andrew(at)saxxon.com.au]
> Sent: Tuesday, April 03, 2012 2:00 AM
> To: pound(at)apsis.ch
> Subject: [Pound Mailing List] Problem with SAN (Subject Alternate Name)
> certificates
> 
> Hi,
> 
> I have multiple certificates defined in my pound config and the correct
> certificate is used based on the subject name; however, the correct
> certificate is not used when visiting the site using one of the
> alternative names.
> 
> Is this configuration supported by pound? If so, what am I doing wrong?
> 
> I am running Pound 2.6 (compiled from source) on a completely up to
> date install of Debian 6 (squeeze).
> 
> Here is my config (altered slightly to protect the innocent):
> 
> ListenHTTPS
> 	Address 192.168.254.5
> 	Port 443
> 
> 	# Normal certificate (default)
> 	Cert /etc/pound/site1.domain.com.pem
> 	# SAN certificate
> 	Cert /etc/pound/site2.domain.com.pem
> 
> 	AddHeader "Front-End-Https: on"
> 
> 	Service "service1"
> 		HeadRequire "Host: site1.domain.com"
> 
> 		BackEnd
> 			Address 192.168.7.10
> 			Port 80
> 		End
> 	End
> 
> 	Service "service2"
> 		HeadRequire "Host: (site2|site3|site4).domain.com"
> 
> 		BackEnd
> 			Address 192.168.7.11
> 			Port 80
> 		End
> 	End
> End
> 
> With this config access to "site1.domain.com" correctly uses the first
> (default) certificate.
> 
> Access to "site2.domain.com" correctly uses the second certificate
> (site2.domain.com is in the subject name of the second certificate);
> however, access to "site3.domain.com" or "site4.domain.com" uses the
> first certificate (site3 and site4 are subject alternate names in the
> second certificate).
> 
> Regards,
> 
> Andrew
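
The selection behaviour reported in this thread, as an added example that is not part of the original messages and is not Pound's code: a small model that picks a certificate for a requested server name by subject CN only versus CN plus subject alternative names, and lists the hosts that end up with a certificate that does not cover them. The SAN list, the function names and the wildcard handling (which goes beyond what the thread describes) are assumptions.

```python
# Constructed model of the two certificates in the config above; the SAN
# list of the second certificate follows the description in the thread.
CERTS = [
    {"file": "site1.domain.com.pem", "cn": "site1.domain.com", "sans": []},
    {"file": "site2.domain.com.pem", "cn": "site2.domain.com",
     "sans": ["site2.domain.com", "site3.domain.com", "site4.domain.com"]},
]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard covers exactly one label: *.a.b matches x.a.b, not a.b or y.x.a.b
    first, _, rest = h.partition(".")
    return bool(first) and rest == p[2:]


def select_cert(name, certs, use_sans):
    """Return the first certificate whose names cover `name`, else the default (first)."""
    for cert in certs:
        names = [cert["cn"]] + (cert["sans"] if use_sans else [])
        if any(name_matches(n, name) for n in names):
            return cert
    return certs[0]


def misserved(hosts, certs, use_sans):
    """Hosts that would be handed a certificate that does not list them."""
    bad = []
    for host in hosts:
        cert = select_cert(host, certs, use_sans)
        if not any(name_matches(n, host) for n in [cert["cn"]] + cert["sans"]):
            bad.append((host, cert["file"]))
    return bad


# Host names taken from the HeadRequire lines in the posted config.
HOSTS = ["site1.domain.com", "site2.domain.com", "site3.domain.com", "site4.domain.com"]

if __name__ == "__main__":
    for mode in (False, True):
        print("CN+SAN matching:" if mode else "CN-only matching:", misserved(HOSTS, CERTS, mode))
```

With CN-only matching the model reproduces the reported symptom (site3 and site4 fall back to the default certificate); with SAN matching enabled no host is misserved.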