Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 6th January 2012, 18:01
philippe_ philippe_ is offline
Junior Member
Join Date: Jan 2012
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default pound how to implement Openssl SNI


This is my first post on this forum;

I have read at pound official website on their 'update June 2010' that pound is able to proceed to openssl SNI (Server Name Indication) which makes it possible to build a https reverse proxy.

Furthermore, in the pound mailing-list (in which I have been totally unable to register :O) I have read that someone accomplished this success SNI with pound. I am on Linux and my browser is sni capable as reported by this check.

However, it seems that only the last certificate specified in pound configuration file is taken in account. In fact, I have exactly the same problem as reported here: The first certificate is shown to the client, if it is related to the domain name, this is fine, else, no more certificate is tried and a warning is shown on the client browser.

My configuration is like this:
  Port  443
  Cert "/etc/pound/ssl/wiki.pem"
  Cert "/etc/pound/ssl/frontend.pem"

      HeadRequire "Host: .*wiki.mydomain.net.*"
          Port 8080 
      HeadRequire "Host: .*mydomain.net.*"
          Port 8080
Does anyone knows how to force each certificate to be checked until a appropriate one is getting found?

Thanks a lot for your answer and help!
Reply With Quote
Sponsored Links
Old 11th December 2012, 16:15
pi3g pi3g is offline
Junior Member
Join Date: Dec 2012
Posts: 1
Thanks: 0
Thanked 1 Time in 1 Post
Default Do you have the right version of pound?

Yes, pound supports SNI - I'm using such a setup myself.

BUT - it only supports SNI starting with version 2.6. Your problem may be related to you using an older version.

Check what version you are using. I think it can be done with

pound -V

I've compiled a package for Debian - it may be of some use for you:


Good luck :-)
Reply With Quote
The Following User Says Thank You to pi3g For This Useful Post:
falko (12th December 2012)


pound openssl sni

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
installation/upgrade not working anymore on etch fireba11 Installation/Configuration 20 17th February 2010 16:05
perfect install but no ISPconfig provell Installation/Configuration 52 29th June 2009 23:33
How to upgrade to openssl 0.9.8g ? bogdan747 Installation/Configuration 3 11th March 2008 21:46
Unbearably slow access speeds CombatGod Installation/Configuration 5 30th May 2006 17:31
YUM Install of OpenSSL does NOT have CA.pl CrimsonSkyZS Server Operation 1 28th May 2006 21:47

All times are GMT +2. The time now is 22:12.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.