On Jan 29, 2014, at 2:51 PM, Reindl Harald <[email protected]> wrote:
> > Am 29.01.2014 23:21, schrieb Leif Hedstrom: [snip] >> you’d have entries in both ssl_multicert.config and remap.config for each >> domain you want to support HTTPS for" > http://trafficserver.readthedocs.org/en/4.0.x/reference/configuration/ssl_multicert.config.en.html > > hmmm - but what to do having one IP and different domains with different certs This requires client support for SNI. Add all your certificates in ssl_multicert.config and ATS will do the right thing. The certificate selection algorithm is described here: http://trafficserver.readthedocs.org/en/latest/reference/configuration/ssl_multicert.config.en.html#certificate-selection > "I’d have to see the https config" > > well, there does not exist any defined config for now, i try to figure out > what > is the best way to plan this and integrate it in our admin-backends so that it > scales over years with low maintainance > > what really would help in the documentation is a complete example of let say > 2 complete different domains with their own cert and any related file for > that in reverse mode to see a complete picture on one page > > for httpd both, a real SNI host and ssl-reverse-proxy is quite simple and > connected > in a few lines (see below) and i try to figure out how get it the same with > ATS > and there may also be *.domain.tld-wildcard-certs in the game, at least one ssl_multicert.config: ssl_cert_name=/etc/pki/domain2.example.com.pem ssl_cert_name=/etc/pki/domain1.example.com.pem remap.config: map https://domain1.example.com http://origin1.example.com map https://domain2.example.com http://origin2.example.com J
