Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 6th January 2012, 17:01
philippe_ philippe_ is offline
Junior Member
 
Join Date: Jan 2012
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default pound how to implement Openssl SNI

Hello;

This is my first post on this forum;

I have read at pound official website on their 'update June 2010' that pound is able to proceed to openssl SNI (Server Name Indication) which makes it possible to build a https reverse proxy.

Furthermore, in the pound mailing-list (in which I have been totally unable to register :O) I have read that someone accomplished this success SNI with pound. I am on Linux and my browser is sni capable as reported by this check.

However, it seems that only the last certificate specified in pound configuration file is taken in account. In fact, I have exactly the same problem as reported here: The first certificate is shown to the client, if it is related to the domain name, this is fine, else, no more certificate is tried and a warning is shown on the client browser.

My configuration is like this:
Code:
ListenHTTPS
  Address 172.23.1.2
  Port  443
  Cert "/etc/pound/ssl/wiki.pem"
  Cert "/etc/pound/ssl/frontend.pem"

  Service
      HeadRequire "Host: .*wiki.mydomain.net.*"
      BackEnd
          Address 192.168.0.110
          Port 8080 
      End
  End
  Service
      HeadRequire "Host: .*mydomain.net.*"
      Backend
          Address 192.168.0.103
          Port 8080
      End
  End
End
Does anyone knows how to force each certificate to be checked until a appropriate one is getting found?

Thanks a lot for your answer and help!
Reply With Quote
Sponsored Links
 

Bookmarks

Tags
pound openssl sni

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
installation/upgrade not working anymore on etch fireba11 Installation/Configuration 20 17th February 2010 15:05
perfect install but no ISPconfig provell Installation/Configuration 52 29th June 2009 22:33
How to upgrade to openssl 0.9.8g ? bogdan747 Installation/Configuration 3 11th March 2008 20:46
Unbearably slow access speeds CombatGod Installation/Configuration 5 30th May 2006 16:31
YUM Install of OpenSSL does NOT have CA.pl CrimsonSkyZS Server Operation 1 28th May 2006 20:47


All times are GMT +2. The time now is 21:08.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.