You need to set up multiple server contexts and install a callback to select the right context for each connection. See the docs for `ssl-set-server-name-identification-callback!` for an example sketch.
A preemptive warning: There might be issues with client certificate authentication with TLS 1.3 connections --- or maybe not. I think it will still work fine if you use `ssl-set-verify!` on the server context to require client authentication; but calling `ssl-set-verify!` on a port returned by `ssl-accept` probably won't work. Anyway, if you have problems with client authentication see if it works with a TLS 1.2 client, and if so write back (here or any other Racket place). Ryan On Sun, Mar 13, 2022 at 6:02 PM Curtis Dutton <[email protected]> wrote: > I have a webserver with a set of admin pages that use client certificates > to control access. > > I would also like to use a letsencrypt certificate for the main site for > standard guest users. > > > Is is possible to set up my webserver to have > > https://mywebserver.com which uses the letsencrypt certificate for > standard users > > and > > https://admin.mywebserver.com which uses the self signed certificate that > validates client certificates for administrative use > > I would like to run only one instance of my server that listens on port > 443 but will serve either style of certificate based upon the domain. > > I know apache can do this with the SNI protocol. > > If racket webserver does not yet support this I will build an SNI > dispatcher and share it. > > Thanks, > Curtis > > -- > You received this message because you are subscribed to the Google Groups > "Racket Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/racket-dev/CAPChLEoMEo%3DNR8CfzrA4Yd2Z%3DgHpvC_2QFvD%3Dg%3DsXiFTBAFVZg%40mail.gmail.com > <https://groups.google.com/d/msgid/racket-dev/CAPChLEoMEo%3DNR8CfzrA4Yd2Z%3DgHpvC_2QFvD%3Dg%3DsXiFTBAFVZg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Racket Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/CANy33qkM20ri7wh0LU48eiheZ6wwv11ODcn%3D%3D48yrx3BtMUocg%40mail.gmail.com.
