trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Esmq <e...@163.com>
Subject Re:Re: ssl reverse proxy and ssl sni ?
Date Tue, 12 Mar 2013 03:22:15 GMT
hi, Leif


it seems does'nt work... following is my test config:


ssl_multicert.config:
dest_ip=*       ssl_cert_name=cert.pem ssl_key_name=key.pem


records.config:
CONFIG proxy.config.http.server_ports STRING 80 443:ssl


remap.config:
map https://.*.test.com/ https://$1.test.com/


with SNI and SSL Termination, i want when browser access https://a.test.com, shows the certificate
of a.test.com;


but the above configuration , show all the https sites the same certificate...


i don't know wheather i misunderstand the sni and ssl termination, or the config is not correct~





At 2013-03-11 22:19:24,"Leif Hedstrom" <zwoop@apache.org> wrote:

If you run a version of ATS that supports SNI, yes. Pretty sure v3.2.4 does, for example.


-- Leif 

On Mar 11, 2013, at 4:00 AM, Esmq <esmq@163.com> wrote:


hi, all


we know that an extension to TLS called Server Name Indication (SNI) ,enable web server to
select a correct virtual domain
and shows the borwser the cerficate containing the correct name...


apache/nginx just do the right thing...


and i know when configure ats as ssl reverse proxy, the cerficated shows to the browser is
the cerficate that on ats, not the cerficated on the original server...


so. when ats act as reverse proxy, does sni work?



Mime
View raw message