Article delegate-en/4640 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: 2 https certificates running on the same delegate host.
17 Nov 2009 00:57:03 GMT (Yutaka Sato)
The DeleGate Project


In message <_A4639@delegate-en.ML_> on 11/17/09(09:13:12)
you Huirong Wang <> wrote:
 |As I know normally one delegate host just can be installed with 1 x SSL
  certificate only for https to http proxy, is that right? Is that possible
  to install 2 different SSL certificates (not self-signed) on the same
  delegate host to achieve while end user goes to different https url,
  can be gotten through with their own SSL cerficate? What I can think is
  running 2 complete separate instances of delegate, which is binding with
  the different IP address and associated https port number, then the
  certificate file copied to the individual folder. Such solution seems
  stupid, IP address still ok, can be solved via DNS A record, but the
  end user must enter that special https port number with the url if it's
  not 443. Could you please tell me if there is any better solution? It's
  much appreciated any advice.

If your browser supports "Server Name Indication" then utilizing it
is the simplest solution.  Just put your certificate for ""
as "DGROOT/certs/"

Otherwise, if you have multiple IP addresses for each certificate, 
maybe the STLS parameter with "connMap" and "-cert" option can be used
to select appropriate certificate.  But now I think I should introduce
far easier way as in SNI, for example by introducing certificates naming
as "sa.xx.xx.xx.xx.pem" for each IP-address.

  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]