Single SAN SSL Cert, mutiple sites


#1

I am trying to implement HAProxy with a SAN Cert for multiple sites hosts on the same servers (different IP bindings).
I’ve had some trouble getting the SAN Cert converted to a pem file, and then applying that properly.

I’ve been able to get standard http sites working on the same servers.

Any help would be greatly appreciated…


#2

Can you be more specific?


#3

The current setup is two IIS webservers, each serving four websites (bindings to individual IPs on each server).
There is 80 & 443 traffic for all sites, and we use a single SAN SSL Cert for the 443 traffic. Currently only one server is ever “live”, and switching is done manually (during deploys, for example). We also have separate session state servers in place.

Wondering if there are steps or assistance as to how best go about importing the pre-existing SAN Cert into a pem format. If found very little on how to properly convert this (SAN cert & Intermediate cert).

As mentioned previously, I’ve been able to get a test setup working with standard http traffic, so this is the next step in my testing.

Thanks


#4

You need to convert existing certificates to PEM format, I understand that, but exactly in which format are the existing certificates? Can you open them on Windows?

If yes, just save them to a file choosing the Base64-encoded X.509 format.


#5

Currently I have two certificates, one is a .crt (the SAN cert) and the other a .p7b (Intermediate)
Both can be opened in Notepad++.

The .crt has a “begin certificate” and “end certificate”, while the intermediate p7b has a “begin pkcs7” and “end pkcs7”


#6

Maybe this here helps:
https://www.sslshopper.com/ssl-converter.html