Pound Proxy with multiple SSL Certificates

ssl-certificate hostname pound

Solution 1:

Looks like I was being too eager and not doing enough research before posting here. As Pound supports SSL SNI (for SSLv3), I can simply use multiple "Cert" statements to specify multiple certificate files and Pound will select the appropriate one for the incomming request.

[If a request comes into Pound over SSL for a domain that I am not hosting and thusly don't have a certificate for, Pound (for me at least) is just using the first cert in the list which causes the browser to show an SSL error].

SNI is supported by most modern browsers. In the last quarter of 2012, I don't think there too many IE 5 & 6 users for example sill around ;)

This is sample basic config that works for me;

ListenHTTPS
    Address my.public.facing.ip
    Port    443
    Cert    "/etc/ssl/certs/www.sslsite1.com.pem"
    Cert    "/etc/ssl/certs/www.sslsite2.com.pem"

    Service
        BackEnd
            Address 192.168.0.10 # A web server IP
            Port    80
        End
    End
End

Solution 2:

I have Pound that serves several different SSL websites, just use separate ListenHTTPS for each different site that's all.

Related

Converting .cer to .pem?
Linux not interpreting UTF8 encoded characters
Warning when adding multiple VirtualHosts on port 443 - "_default_ VirtualHost overlap on port 443, the first has precedence"
Unable to authenticate using Apache and authnz_mod_ldap in Active Directory
Securing NFS against SSH tunneling
Could not call sign: Could not find certificate request for puppet
What steps are necessary to apply an Enterprise license to an iDRAC7 that shipped with a different license?
What is the difference between init 6 and reboot on Red Hat / RHEL / CentOS?
Can a high load cause a system to reboot?
Wireshark filtering-trying to filter out my own local ip
how does NewRelic work by simply installing .Net agent?
IIS7.5 App Pool recycles - .Net OutOfMemoryException