Hello,
I’m using SSL termination in HAProxy. HAProxy is handling connections from multiple hosts on port 443. We have different certificates for different hosts, so I chose to use crt-list in the ssl directive to provide a mapping file of hosts and their certificates.
Here are haproxy.cfg and crt-list.txt:
frontend https-in
    bind 0.0.0.0:443 ssl crt-list /etc/haproxy/crt-list.txt
and crt-list.txt:
/path/to/foo.pem host1
/path/to/bar.pem host2
When I come from host1 or host2, it takes the correct configuration, but when I come from another domain, for example host3, it takes the certificates of host1. I don’t know whether that should happen or not.
I think I can redirect to HTTP if the host does not exist in the crt-list.txt file, but I don’t know how to accomplish that. If anyone has a suggestion on the correct way to handle the request, it would be welcome.
Thanks & Regards,
Chintan Patel
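
How the default-certificate behaviour described in the post compares with HAProxy's `strict-sni` bind option, as an added example that is not part of the original post. The paths and host names are the post's placeholders, and crt-list lines are written certificate file first, then SNI filter.

```haproxy
# --- /etc/haproxy/crt-list.txt ---
# Line format: <certificate file> [<SNI filter> ...]
/path/to/foo.pem host1
/path/to/bar.pem host2

# --- haproxy.cfg, behaviour seen in the post ---
# Without strict-sni, the first certificate loaded on the bind line
# (foo.pem here) is the default. A client sending SNI "host3", or no SNI
# at all, completes the handshake and is shown host1's certificate.
frontend https-in
    bind 0.0.0.0:443 ssl crt-list /etc/haproxy/crt-list.txt

# --- haproxy.cfg, hardened alternative (replaces the frontend above) ---
# With strict-sni, the handshake is only allowed when the client's SNI
# matches a certificate; the default certificate is not used, so a
# request for host3 fails at the TLS layer and never learns host1's name.
# An HTTP redirect cannot replace this: it can only be sent after the
# TLS handshake, by which point a certificate has already been presented.
frontend https-in
    bind 0.0.0.0:443 ssl crt-list /etc/haproxy/crt-list.txt strict-sni
```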