Re: ATS requiring SNI for SSL termination?

Jan-Frode Myklebust Mon, 06 Aug 2012 02:53:30 -0700

On Mon, Aug 06, 2012 at 09:20:51AM -0000, Igor Galić wrote:
> > Ref: https://issues.apache.org/jira/browse/TS-1392
> >
> > It seems like ATS v3.2.0 requires a Server Name Indication (SNI) to
> > do
> > SSL termination.  We use wildcard certs, and don't need/want SNI, so
> > is
> > there some way to turn off SNI to get broader client support for our
> > services?
> 
> You would have to specify each IP as dest_ip


I have specified dest_ip in ssl_multicert.conf:

        dest_ip=109.247.114.202 
ssl_cert_name=/etc/pki/tls/certs/STAR_services_example_net.crt 
ssl_key_name=/etc/pki/tls/private/STAR_services_example_net.key 
ssl_ca_name=/etc/pki/tls/certs/STAR_services_example_net.ca-bundle
        dest_ip=2a01:798:0:8008::202 
ssl_cert_name=/etc/pki/tls/certs/STAR_services_example_net.crt 
ssl_key_name=/etc/pki/tls/private/STAR_services_example_net.key 
ssl_ca_name=/etc/pki/tls/certs/STAR_services_example_net.ca-bundle
#
        dest_ip=109.247.114.203 
ssl_cert_name=/etc/pki/tls/certs/STAR_services_example_net.crt 
ssl_key_name=/etc/pki/tls/private/STAR_services_example_net.key 
ssl_ca_name=/etc/pki/tls/certs/STAR_services_example_net.ca-bundle
        dest_ip=2a01:798:0:8008::203 
ssl_cert_name=/etc/pki/tls/certs/STAR_services_example_net.crt 
ssl_key_name=/etc/pki/tls/private/STAR_services_example_net.key 
ssl_ca_name=/etc/pki/tls/certs/STAR_services_example_net.ca-bundle



  -jf

Re: ATS requiring SNI for SSL termination?

Reply via email to