On 2015-03-14 23:34, Peter Hessler wrote:
> httpd does not yet support SNI. You will need to either wait, use a
> wildcard SSL cert, or use different ports/IPs.
>
>
Oh, I hadn't checked that for SNI. I'll have to wait then; multiple IPv4
addresses are expensive, and CAs will charge for wildcard certs. :(
Is SNI on the roadmap already?
Thanks,
> On 2015 Mar 14 (Sat) at 19:26:31 -0300 (-0300), Hugo Osvaldo Barrera wrote:
> :Hi,
> :
> :I've only just recently started moving from nginx to httpd (I *loved* the
> :config syntax by the way!).
> :
> :I'm having an issue with httpd presenting the wrong TLS certificate for a
> :client - it seems to be defaulting always to the first entry, ignoring all
> :later ones.
> :
> :Here's my narrowed down test config:
> :
> : server "hugo.barrera.io" {
> :     alias "barrera.io"
> :     listen on * tls port 1443
> :     root "/sites/hugo.barrera.io"
> :     tls certificate "/var/www/tls/hugo.barrera.io/chain.crt"
> :     tls key "/var/www/tls/hugo.barrera.io/ssl.key"
> : }
> :
> : server "calendar.barrera.io" {
> :     listen on * tls port 1443
> :     root "/sites/calendar.barrera.io"
> :     tls certificate "/var/www/tls/calendar.barrera.io/chain.crt"
> :     tls key "/var/www/tls/calendar.barrera.io/ssl.key"
> : }
> :
> :On both scenarios, httpd is presenting the TLS certificate for
> :hugo.barrera.io.
> :
> :Any hints? Did I do something wrong? Did I hit a bug?
> :
> :Thanks,
> :
> :--
> :Hugo Osvaldo Barrera
> :A: Because we read from top to bottom, left to right.
> :Q: Why should I start my reply below the quoted text?
> :
> :
>
> --
> Harrisberger's Fourth Law of the Lab:
> Experience is directly proportional to the amount of equipment
> ruined.
--
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
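
The situation discussed in this thread can be caught before deployment. The following is an added example, not part of the original messages or of httpd itself: a small lint that flags TLS server blocks sharing one address and port while needing different certificates, which a server without SNI cannot tell apart. The function names are hypothetical, and the parser assumes flat server blocks with no nested sections.

```python
import re
from collections import defaultdict

# Constructed sample: the two server blocks from the test config in the thread.
SAMPLE_CONF = '''
server "hugo.barrera.io" {
    alias "barrera.io"
    listen on * tls port 1443
    root "/sites/hugo.barrera.io"
    tls certificate "/var/www/tls/hugo.barrera.io/chain.crt"
    tls key "/var/www/tls/hugo.barrera.io/ssl.key"
}
server "calendar.barrera.io" {
    listen on * tls port 1443
    root "/sites/calendar.barrera.io"
    tls certificate "/var/www/tls/calendar.barrera.io/chain.crt"
    tls key "/var/www/tls/calendar.barrera.io/ssl.key"
}
'''

# Assumption: server blocks are flat (no nested { } sections inside them).
SERVER_RE = re.compile(r'server\s+"([^"]+)"\s*\{(.*?)\}', re.S)
LISTEN_RE = re.compile(r'^\s*listen\s+on\s+(\S+)\s+tls\s+port\s+(\S+)', re.M)
CERT_RE = re.compile(r'^\s*tls\s+certificate\s+"([^"]+)"', re.M)

def parse_tls_servers(conf):
    """Return (name, address, port, certificate) for every TLS listener."""
    found = []
    for name, body in SERVER_RE.findall(conf):
        cert = CERT_RE.search(body)
        for addr, port in LISTEN_RE.findall(body):
            found.append((name, addr, port, cert.group(1) if cert else None))
    return found

def find_cert_conflicts(conf):
    """Map (address, port) to its servers when they need different certificates."""
    by_listener = defaultdict(list)
    for name, addr, port, cert in parse_tls_servers(conf):
        by_listener[(addr, port)].append((name, cert))
    return {listener: servers for listener, servers in by_listener.items()
            if len({cert for _, cert in servers}) > 1}

if __name__ == "__main__":
    for (addr, port), servers in find_cert_conflicts(SAMPLE_CONF).items():
        names = [name for name, _ in servers]
        print(f"{addr}:{port}: without SNI, {', '.join(names[1:])} will be "
              f"served the certificate configured for {names[0]}")
```

Servers that share a listener and the same certificate file (the wildcard option) or that listen on different ports or addresses are not reported.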