[f-nsp] Serveriron SSL termination
Jonas Frey (Probe Networks)
jf at probe-networks.de
Thu Sep 4 10:20:44 EDT 2014
Chris,
you are right, this is as of 12.4.00p (June/2014) not possible with the
ADX.
Brocade still doesnt support RFC3546.
If you need a SNI-capable Loadbalancer look at:
http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
You can only assign multiple ssl cert's to a virtual host if you
terminate/proxy them on different ports. Its not possible to distinguish
between hostnames.
-Jonas
Am Donnerstag, den 04.09.2014, 12:31 +0100 schrieb Chris Good:
> I'm considering adding SSL termination to our existing deployment of
> ADXs. At present we funnel all SSL through a apache proxy layer that
> has multiple name based vhosts each with their own certificate per
> vhost, this proxy shim then sends traffic to the non-ssl server.
>
>
> All the "real servers" in a cluster can handle all vhosts so we don't
> need multiple bind rules, we just need to be able to terminate with
> multiple ssl profiles on a single virtual server. I've been reading
> through the ssl termination documentation but can't see any obvious
> way to hang multiple certificates off a single virtual server. Am I
> missing something or is it not possible to define a virtual server
> with multiple profiles on the ADX?
>
>
> Chris
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20140904/7c1410de/attachment.sig>
More information about the foundry-nsp
mailing list