Thank you for support, we have fixed our issues.

Ha.

----- Original Message -----
From: "Lukas Tribus" <luky...@hotmail.com>
To: "Peter BUtler" <peter_butler1...@outlook.com>, haproxy@formilux.org
Sent: Sunday, March 22, 2015 6:27:15 AM
Subject: RE: HAProxy with multiple certificates, one of which being wild card, and the other being sub of that wildcard

> I have tried this change already, by renaming them alphabetically.
> Didn't make any difference.

It won't in 1.5.8. Only 1.5.11 respects alphabetical ordering of the
certificates in a folder.

Please specify them manually:
crt /etc/haproxy/ssl/wildcard.mycompany.com.au.crt crt /etc/haproxy/ssl/www.secure.mycompany.com.au.crt

(or vice versa, if I haven't got the problem right).

> > You can read the RFC 2818, chapter "3.1. Server Identity" for more
> > details :
> >
> > http://tools.ietf.org/html/rfc2818#section-3.1
>
> I think my issue is here, from your link:
> E.g., *.a.com matches foo.a.com but not bar.foo.a.com
>
> In my case I have a cert for both:
> *.a.com.au
> and
> bar.foo.a.com.au

If that information is correct, there is simply a bug here. The wildcard
certificate should be served for secure.mycompany.com.au, not the
www.secure.mycompany.com.au certificate.

You are making sure that all browsers you test support SNI, correct
(meaning no test with Internet Explorer on Windows XP)?

Lukas
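
The RFC 2818 section 3.1 rule quoted in this thread, as an added Python sketch that is not part of the original messages and is not HAProxy's code. It assumes the names inside each certificate follow the file names given above, handles only a whole leftmost `*` label, and uses a hypothetical exact-before-wildcard selection order.

```python
# Added example: RFC 2818 section 3.1 wildcard matching plus a simple
# certificate choice for a given SNI name. Not HAProxy's implementation.

def matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name covers the requested hostname.

    A leftmost label of "*" stands for exactly one label, so "*.a.com"
    covers "foo.a.com" but not "bar.foo.a.com" and not "a.com".
    Partial-label wildcards such as "f*.com" are not handled here.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # different depth, or an empty label
    if p[0] == "*":
        return len(p) >= 2 and p[1:] == h[1:]
    return p == h


def select_cert(sni: str, certs: dict, default=None):
    """Pick a certificate file for an SNI name.

    certs maps a certificate path to the names it contains. An exact
    name wins over a wildcard (assumed order); with no match at all
    the caller's default is returned.
    """
    wildcard_hit = None
    for path, names in certs.items():
        for name in names:
            if not matches(name, sni):
                continue
            if not name.startswith("*."):
                return path   # exact name: best possible match
            if wildcard_hit is None:
                wildcard_hit = path
    return wildcard_hit if wildcard_hit is not None else default


# Constructed from the thread: paths are from the message above, the
# names inside each certificate are assumed from the file names.
WILDCARD = "/etc/haproxy/ssl/wildcard.mycompany.com.au.crt"
WWW_SECURE = "/etc/haproxy/ssl/www.secure.mycompany.com.au.crt"
CERTS = {
    WILDCARD: ["*.mycompany.com.au"],
    WWW_SECURE: ["www.secure.mycompany.com.au"],
}

if __name__ == "__main__":
    for host in ("secure.mycompany.com.au", "www.secure.mycompany.com.au"):
        print(host, "->", select_cert(host, CERTS))
```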