I have a HAProxy + stunnel setup, I would like to have different certificates for my domain and submdomain. Certificate 1 - example.com Certificate 2 - foo.example.com How do I configure Stunnel to do this? It works fine with just one certificate but I have trouble setting it up for multiple certificates. Thanks!
Asked
Active
Viewed 1,511 times
2
-
You run multiple instances of stunnel. AFAIK it doesn't do multiple certs. – Zoredache Apr 09 '14 at 05:25
1 Answers
5
With one IP address, you need to use the TLS SNI extension. There's an example config here: https://serverfault.com/a/440563/216353
Server-side SNI requires stunnel version 4.38 or newer compiled with OpenSSL 1.0.0 or newer.
Also, client support:
- IE7+
- Chrome 6+
- Firefox 2+
- Opera 8+
- Safari 3+
- iOS4+
Also note that Windows XP does not support the SNI extension.
bennettp123
- 388
- 2
- 7
-
2bennettp123, welcome to SF. That's a cracking, textbook first answer - +1 from me. – MadHatter Apr 14 '14 at 10:59