Article delegate-en/4576 of [1-5169] on the server localhost:119
[Reference:<_A4574@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: how to implement SNI on https? detailed instruction please.
23 Sep 2009 01:26:57 GMT David Wang <p2eiqbdyi-re5dixvjuhtr.ml@ml.delegate.org>


Hi Yutaka,

Did you receive my reply on that same day?
Looking forward to hearing from you.

Kind regards,
David

On Mon, Sep 21, 2009 at 2:57 PM, Yutaka Sato <feedback@delegate.org> wrote:

> In message <_A4573@delegate-en.ML_>
> on 09/21/09(09:27:52)
> you David Wang <p2eiqbdyi-re5dixvjuhtr.ml@ml.delegate.org> wrote:
>  |STLS=mitm is followed by your notes, after your explanation, yes, we should
>  |configure it to be STLS=fcl. Yes, I know the SNI should be supported by
>  |browser as well. we are using Firefox 3.0.13 to test it. I just tested it
>  |with STLS=fcl, the certificate is still using the delegate host's (
>  |portal.abc.com), rather than our customer's (portal.xyz.com) even I have
>  |moved both certificate and key files for each domain into that CERTDIR
>  |folder.
>
> The following is a simple way to test SNI with DeleGate.
>
> 1) run a DeleGate as a HTTPS/SSL server
>
>  % delegated -P9999 -fv SERVER=https STLS=fcl TLSCONF=-vd
>
> 2) access the server from a HTTPS/SSL client
>
>  open "https://localhost.localdomain:9999" by a browser or by DeleGate as:
>  % delegated FSV=sslway https://localhost.localdomain:9999
>
>  [the LOGFILE of DeleGate]
>  --
>  09/21 13:44:14.50 [6387] 1+1: ## SSLway CFI_TYPE=FCL: -ac is assumed
>  09/21 13:44:14.50 [6387] 1+1: ## SSLway CFI_SYNC send start [23]
>  09/21 13:44:14.50 [6387] 1+1: ## SSLway start
>  09/21 13:44:14.51 [6387] 1+1: ## SSLway reuse ctx #2088594664 C0A3B0
>  09/21 13:44:14.51 [6387] 1+1: ## SSLway 201FC00 loadSession 0.000133 (0 0) / -1
>  09/21 13:44:14.51 [6387] 1+1: ## SSLway -- TLSxSNI: recv localhost.localdomain
>  09/21 13:44:14.51 [6387] 1+1: ## SSLway -- TLSxSNI: localhost.localdomain NOT-FOUND
>  09/21 13:44:14.51 [6387] 1+1: ## SSLway -- TLSxSNI: localhost.localdomain NOT-FOUND: DONT-CARED
>  --
>  *** it says there is no cert. for the domain but ignored ***
>
> 3) put a certificate file for SNI into DGROOT/etc/certs
>
>   % cp xxx/yyy.pem etc/certs/sn.localhost.localdomain.pem
>   % ls -l etc/certs
>   -rw-r--r--   1 yutaka  yutaka  2278 Sep 21 13:35 sn.localhost.localdomain.pem
>
> 4) access the server again
>
>  [the LOGFILE of DeleGate]
>  --
>  09/21 13:45:00.80 [6399] 1+1: ## SSLway CFI_TYPE=FCL: -ac is assumed
>  09/21 13:45:00.81 [6399] 1+1: ## SSLway CFI_SYNC send start [23]
>  09/21 13:45:00.81 [6399] 1+1: ## SSLway start
>  09/21 13:45:00.81 [6399] 1+1: ## SSLway reuse ctx #2088594664 C0A2B0
>  09/21 13:45:00.81 [6399] 1+1: ## SSLway 2021000 loadSession 0.000446 (0 0) / -1
>  09/21 13:45:00.81 [6399] 1+1: ## SSLway -- TLSxSNI: recv localhost.localdomain
>  09/21 13:45:00.83 [6399] 1+1: ## SSLway -- TLSxSNI: localhost.localdomain [/xxx/delegate/etc/certs/sn.localhost.localdomain.pem]
>  09/21 13:45:00.84 [6399] 1+1: ## SSLway certchain loaded: /xxx/delegate/etc/certs/sn.localhost.localdomain.pem
>  09/21 13:45:00.84 [6399] 1+1: ## SSLway keyfile loaded: /xxx/delegate/etc/certs/sn.localhost.localdomain.pem
>  09/21 13:45:00.84 [6399] 1+1: ## SSLway TLSxSNI: localhost.localdomain /xxx/delegate/etc/certs/sn.localhost.localdomain.pem
>  --
>  *** it says the cert. for the domain is found and used ***
>
> Cheers,
> Yutaka
> --
>  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
>  ( ~ )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
>
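
Added example (not part of either message and not DeleGate's own code): a small Python parser for the TLSxSNI lines shown in the two LOGFILE excerpts above, reporting per connection whether a per-name certificate was selected. It assumes the bracketed number identifies one connection's process and that per-name files follow the `sn.<name>.pem` pattern from step 3.

```python
import re

# Lines copied from the two LOGFILE excerpts in the message above
# (mail-wrapped lines rejoined); nothing here comes from a live server.
SAMPLE_LOG = """\
09/21 13:44:14.51 [6387] 1+1: ## SSLway -- TLSxSNI: recv localhost.localdomain
09/21 13:44:14.51 [6387] 1+1: ## SSLway -- TLSxSNI: localhost.localdomain NOT-FOUND
09/21 13:44:14.51 [6387] 1+1: ## SSLway -- TLSxSNI: localhost.localdomain NOT-FOUND: DONT-CARED
09/21 13:45:00.81 [6399] 1+1: ## SSLway -- TLSxSNI: recv localhost.localdomain
09/21 13:45:00.83 [6399] 1+1: ## SSLway -- TLSxSNI: localhost.localdomain [/xxx/delegate/etc/certs/sn.localhost.localdomain.pem]
09/21 13:45:00.84 [6399] 1+1: ## SSLway certchain loaded: /xxx/delegate/etc/certs/sn.localhost.localdomain.pem
09/21 13:45:00.84 [6399] 1+1: ## SSLway keyfile loaded: /xxx/delegate/etc/certs/sn.localhost.localdomain.pem
09/21 13:45:00.84 [6399] 1+1: ## SSLway TLSxSNI: localhost.localdomain /xxx/delegate/etc/certs/sn.localhost.localdomain.pem
"""

LINE = re.compile(r"\[(\d+)\] \S+ ## SSLway (?:-- )?(.*)$")

def sni_report(log_text):
    """Summarise SNI handling per connection, keyed by the bracketed number."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an SSLway log line
        key, msg = m.groups()
        c = conns.setdefault(key, {"sni": None, "cert": None,
                                   "chain_loaded": False, "key_loaded": False})
        if (r := re.match(r"TLSxSNI: recv (\S+)", msg)):
            c["sni"] = r.group(1)           # name sent by the client
        elif (r := re.match(r"TLSxSNI: \S+ \[(.+)\]", msg)):
            c["cert"] = r.group(1)          # per-name file that was matched
        elif msg.startswith("certchain loaded:"):
            c["chain_loaded"] = True
        elif msg.startswith("keyfile loaded:"):
            c["key_loaded"] = True
    for c in conns.values():
        # SNI was received but no per-name certificate file was selected.
        c["fallback"] = c["sni"] is not None and c["cert"] is None
        # File name step 3 uses for this name (assumed naming pattern).
        c["wanted_file"] = f"sn.{c['sni']}.pem" if c["sni"] else None
    return conns

if __name__ == "__main__":
    for key, c in sni_report(SAMPLE_LOG).items():
        state = f"no per-name cert, expected {c['wanted_file']}" if c["fallback"] else f"using {c['cert']}"
        print(key, c["sni"], state)
```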

