Pound Proxy with multiple SSL Certificates

Solution 1:

Looks like I was being too eager and not doing enough research before posting here. As Pound supports SSL SNI (for SSLv3), I can simply use multiple "Cert" statements to specify multiple certificate files and Pound will select the appropriate one for the incoming request.

[If a request comes into Pound over SSL for a domain that I am not hosting and thusly don't have a certificate for, Pound (for me at least) is just using the first cert in the list which causes the browser to show an SSL error].

SNI is supported by most modern browsers. In the last quarter of 2012, I don't think there are too many IE 5 & 6 users, for example, still around ;)

This is a sample basic config that works for me:

ListenHTTPS
    Address my.public.facing.ip
    Port    443
    Cert    "/etc/ssl/certs/www.sslsite1.com.pem"
    Cert    "/etc/ssl/certs/www.sslsite2.com.pem"

    Service
        BackEnd
            Address 192.168.0.10 # A web server IP
            Port    80
        End
    End
End
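
An added example (not part of the answer above): a small Python check that probes a listener once per SNI hostname and flags any hostname for which the served certificate does not match, which is how the first-certificate fallback described above shows up. The function names and the `www.unhosted.example` hostname are assumptions, and the sample data is constructed to mimic that fallback so the script runs offline.

```python
import socket
import ssl

def name_matches(pattern, host):
    """Exact match, or '*' standing for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def live_fetcher(address, port=443, timeout=5):
    """Build fetch(host): connect to the listener and send host as SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared in audit(); the chain is still verified
    def fetch(host):
        with socket.create_connection((address, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
        # Assumption: names are carried in subjectAltName (CN-only certs are not handled)
        return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return fetch

def audit(hosts, fetch):
    """Return {host: (matches, names_served)} for every SNI name probed."""
    report = {}
    for host in hosts:
        names = fetch(host)
        report[host] = (any(name_matches(n, host) for n in names), names)
    return report

# Constructed stand-in for the listener: certificates in "Cert" order, with the
# fallback to the first certificate that the answer describes for unknown names.
SAMPLE_CERTS = [["www.sslsite1.com"], ["www.sslsite2.com"]]

def sample_fetch(host):
    for names in SAMPLE_CERTS:
        if any(name_matches(n, host) for n in names):
            return names
    return SAMPLE_CERTS[0]

if __name__ == "__main__":
    probes = ["www.sslsite1.com", "www.sslsite2.com", "www.unhosted.example"]
    for host, (ok, names) in audit(probes, sample_fetch).items():
        print(f"{host}: {'ok' if ok else 'MISMATCH'} (served {names})")
```

To probe a real listener, pass `live_fetcher("<listener address>")` to `audit` in place of `sample_fetch`; a certificate whose chain does not validate raises `ssl.SSLCertVerificationError`.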

Solution 2:

I have Pound serving several different SSL websites; just use a separate ListenHTTPS for each different site, that's all.