Re: [Assp-user] Multiple SSL certs

Wed, 21 Jun 2017 06:47:31 -0700 

IMHO yes - but please read the documentation of IO::Socket::SSL

Thomas



Von:    "Ethical Host - John MacKenzie" <[email protected]>
An:     "'For Users of ASSP'" <[email protected]>
Datum:  21.06.2017 15:37
Betreff:        Re: [Assp-user] Multiple SSL certs



Hi Thomas
 
That is interesting would this also work with multi domain certificates 
where there is only 1 certificate file but multiple domains allowed by the 
certificate?
 
Thanks
John
 
From: Thomas Eckardt [mailto:[email protected]] 
Sent: June-21-17 9:27 AM
To: For Users of ASSP
Subject: Re: [Assp-user] Multiple SSL certs
 
You may try the following: 

Call to Configure SSL-Listener-Parameters for GUI Connections 
(SSLWEBConfigure)  • 
CorrectASSPcfg::configWebSSL 
If used, assp will call the defined subroutine in an eval closure 
submitting a reference to the assp predefined 
SSL-Socket-Configuration-HASH.
The HASH could be modified in place to your needs - please read the 
documentation of IO::Socket::SSL, Net::SSLeay and OpenSSL. Return values 
are ignored.
You can use/modify the module lib/CorrectASSPcfg.pm to implement your 
code. For example

sub configWebSSL {
    $parms = shift;
    $parms->{timeout} = 10;
    $parms->{'SSL_check_crl'} = 1;
    $parms->{'SSL_crl_file'} = '/assp/certs/crl/crllist.pem';
    return;
}

If the SSL listener should be able to use different certificates on the 
same IP address, depending on the name given by SNI, you can use a hash 
reference instead of a file with hostname => cert_file.

In case certs and keys are needed but not given it might fall back.

sub configWebSSL {
    $parms = shift;
    $parms->{SSL_cert_file} = {
        "foo.example.org" => "/path_to_file/foo-cert.pem",
        "bar.example.org" => "/path_to_file/bar-cert.pem",
        # used when nothing matches or client does not support SNI
        "" => "/path_to_file/server-cert.pem",
    }
    $parms->{SSL_key_file} = {
        "foo.example.org" => "/path_to_file/foo-key.pem",
        "bar.example.org" => "/path_to_file/bar-key.pem",
        # used when nothing matches or client does not support SNI
        "" => "/path_to_file/server-key.pem",
    }
}

Now, if you set this parameter to 'CorrectASSPcfg::configWebSSL' - assp 
will call
CorrectASSPcfg::configWebSSL->(\%sslparms);
NOTICE: This option will possibly not work if you use any self signed 
certificate! 


Thomas





Von:        Alexandre de Arruda Paes <[email protected]> 
An:        For Users of ASSP <[email protected]> 
Datum:        20.06.2017 21:48 
Betreff:        [Assp-user] Multiple SSL certs 




Hi, 

Can I have multiple SSL certs in ASSP? 

i.e.: mail.domain1.com, mail.domain2.com 

Best regards, 

Alexandre
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Reply via email to