>
> That's perfect! Your feedback and possible trouble in doing this will
> also definitely help!
>
Oh, if experience tells me one thing, no matter how “straightforward” this may
look, there _will_ be trouble ;-)
Cheers
Daniel
--
Daniel Schneller
Principal Cloud Engineer
CenterDevice
On Fri, May 12, 2017 at 06:42:20PM +0200, Daniel Schneller wrote:
> > That said, given that we can already look up a cert based on a name,
> > maybe in fact we could load all of them and just try to find a more
> > recent one if the first one reported by the SNI is outdated. I don't
> > know if
Willy,
thanks for your elaborate reply! See my remarks below.
> possible impacts nor complexity (but I don't want to have the complete MS
> Office suite merged in, just Word, Excel and PowerPoint :-)).
:-D
> - renewed certs can and will sometimes provide extra alt names, so
>they are not
Hi,
On Tue, May 09, 2017 at 07:04:01PM +0200, Daniel Schneller wrote:
> Hi!
>
> > On 9. May. 2017, at 00:30, Lukas Tribus wrote:
> >
> > [...]
> > I'm opposed to heavy feature-bloating for provisioning use-cases, that
> > can quite easily fixed where the fix belongs - the
Hi!
> On 9. May. 2017, at 00:30, Lukas Tribus wrote:
>
> [...]
> I'm opposed to heavy feature-bloating for provisioning use-cases, that
> can quite easily fixed where the fix belongs - the provisioning layer.
You are right, that this can be handled outside / in the provisioning
Hello,
Am 30.04.2017 um 22:16 schrieb Daniel Schneller:
> Hi!
>
> Yes, you got it right. I have no idea if there are technical limitations in
> the SSL library or other parts of the code that would make several
> certificate/key pairs for the same domain infeasible.
>
> If there were hard
Hi!
Yes, you got it right. I have no idea if there are technical limitations in the
SSL library or other parts of the code that would make several certificate/key
pairs for the same domain infeasible.
If there were hard restrictions, it could certainly be done "externally" with a
set of
HI.
Am 28-04-2017 09:26, schrieb Daniel Schneller:
Hello!
I am managing a few haproxy instances that each manage a good number of
domains and do the TLS termination on behalf of what you might call
"hosted" sites.
Most of the clients connecting to these haproxys implement certificate
Hello!
I am managing a few haproxy instances that each manage a good number of domains
and do the TLS termination on behalf of what you might call “hosted” sites.
Most of the clients connecting to these haproxys implement certificate pinning
and verify that the certificate presented by the
9 matches
Mail list logo