On Thu, Jan 22, 2015 at 01:04:15PM -0600, Nathan Neulinger wrote:
> How does haproxy handle overlaps and wildcards?
>
> For example, if I have a cert for '*.domain.com' and 'something.domain.com'
>
> Does it automatically pick the more specific match?

Yes, wildcards are only considered last.

> Similar question for
> certs with SANs - does it consider the alternative names in the selection
> process?

I don't know what SANs is.

> And lastly, what if I want "everything without a specific cert to use cert
> X, even though hostname doesn't match".

It's the default cert which will be served, the first one on the bind line
as documented. Typically useful when you're a hosting provider and want
everything not a customer to be presented with your wildcard name.

Willy
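
The lookup order described in the reply above (exact name first, wildcards last, otherwise the first certificate on the bind line), as an added example that is not part of the original message and is not HAProxy's own code. It is a simplified model: the file names and hostnames are constructed, and single-label wildcard matching and case-insensitive comparison are assumptions of this sketch.

```python
# Simplified model of SNI-based certificate selection, written for this page.
# Assumptions: a wildcard covers exactly one leading label, names compare
# case-insensitively, and the first certificate listed is the default.

def build_index(certs):
    """certs: ordered list of (cert_file, [names]) in bind-line order."""
    exact, wildcard = {}, {}
    for cert_file, names in certs:
        for name in names:
            name = name.lower()
            if name.startswith("*."):
                # Index by the suffix after '*', e.g. ".domain.com".
                wildcard.setdefault(name[1:], cert_file)
            else:
                exact.setdefault(name, cert_file)
    default = certs[0][0]  # first cert on the bind line
    return exact, wildcard, default

def select_cert(index, sni):
    """Return (cert_file, reason) for the server name sent by the client."""
    exact, wildcard, default = index
    if not sni:
        return default, "default"      # client sent no SNI at all
    host = sni.lower()
    if host in exact:
        return exact[host], "exact"    # specific name wins over a wildcard
    dot = host.find(".")
    if dot > 0 and host[dot:] in wildcard:
        return wildcard[host[dot:]], "wildcard"   # considered last
    return default, "default"          # served even though the name mismatches

# Constructed sample: a hosting provider's own cert listed first as default.
CERTS = [
    ("provider-default.pem", ["*.hosting.example"]),
    ("wildcard-domain.pem", ["*.domain.com"]),
    ("something-domain.pem", ["something.domain.com"]),
]
INDEX = build_index(CERTS)

if __name__ == "__main__":
    for sni in ["something.domain.com", "other.domain.com",
                "a.b.domain.com", "unknown.example.net", None]:
        print(sni, "->", select_cert(INDEX, sni))
```

Clients that land on the "default" branch receive a certificate whose name does not match the host they asked for, so they will see a hostname mismatch unless that is the intended catch-all behaviour.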

