Article delegate-en/4562 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4561@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: how to implement SNI on https? detailed instruction please.
16 Sep 2009 18:06:22 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4561@delegate-en.ML_> on 09/16/09(13:33:55)
you David Wang <p2eiqbdyi-rn3efjmwkilr.ml@ml.delegate.org> wrote:
 |We致e compiled the 9.9.3 from the source already, now would like to
 |implement different https url with associated ssl certificate bundled with
 |the same IP address. I downloaded the ssl lib from
 |ftp://ftp.delegate.org/pub/DeleGate/bin/linux/sslway/dglibssl.so.gz,
 |uncompress it and replace /lib/libssl.so.0.9.7a, then re-compile from the
 |source via run ~delegate9.93/make, then change the config file followed your
 |release note http://www.delegate.org/mail-lists/delegate-en/03889, it痴:

I thinks the following documents should be helpful to see how to use
SSL gatewaying by DeleGate.
<URL:http://www.delegate.org/delegate/HowToDG.html#sslgateway>
<URL:http://www.delegate.org/delegate/tls/>
<URL:http://www.delegate.org/delegate/nvproxy/>
<URL:http://www.delegate.org/mail-lists/delegate-en/4545>

 |DGPATH=/var/spool/delegate-nobody/etc:+

I'm not sure why you need the above.

 |CERTDIR=/var/spool/delegate-nobody/etc/certs

I'm not sure why you need the above.

 |STLS=mitm
 |REMITTABLE=https

I'm not sure what the above parameters intends and I'm not sure
your DeleGate is to work as an origin or a proxy server.
If your DeleGate is an origin HTTPS server as a gateway to HTTP servers,
it should be as follows instead:

 STLS=fcl
 SERVER=https

 |MOUNT=/ http://xx.xx.xx.xx:8080/index.html host=-name1.domain.com
 |MOUNT=/* http://xx.xx.xx.xx:8080/* host=-name1.domain.com
 |MOUNT=/ http://xx.xx.xx.xx:8080/index.html host=-name2.domain.com
 |MOUNT=/* http://xx.xx.xx.xx:8080/* host=-name2.domain.com

I can't understand what the above MOUNTs means.

 |And ~/etc/certs contains the key and CSR for both domains:
 |
 |name1.domain.com-key.pem
 |sn.name1.domain.com.pem
 |name2.domain.com-key.pem
 |sn.name2.domain.com.pem
 |
 |but both not working. Could you tell me the detailed instruction how to
 |implement the SNI with delegated installed from source?

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V