Menu
▾
▴
Re: [Assp-user] Multiple SSL certs
|
From: Alexandre de A. P. <ada...@gm...> - 2017-06-21 15:48:46
|
Thomas,
But I'm want to use this with STARTTLS with doTLS on. It's possible ?
2017-06-21 10:26 GMT-03:00 Thomas Eckardt <Tho...@th...>:
> You may try the following:
>
> *Call to Configure SSL-Listener-Parameters for GUI Connections *
> *(SSLWEBConfigure)** •*
> CorrectASSPcfg::configWebSSL
> If used, assp will call the defined subroutine in an eval closure
> submitting a reference to the assp predefined SSL-Socket-Configuration-HASH.
> The HASH could be modified in place to your needs - please read the
> documentation of IO::Socket::SSL, Net::SSLeay and OpenSSL. Return values
> are ignored.
> You can use/modify the module lib/CorrectASSPcfg.pm to implement your
> code. For example
>
> sub configWebSSL {
> $parms = shift;
> $parms->{timeout} = 10;
> $parms->{'SSL_check_crl'} = 1;
> $parms->{'SSL_crl_file'} = '/assp/certs/crl/crllist.pem';
> return;
> }
>
> If the SSL listener should be able to use different certificates on the
> same IP address, depending on the name given by SNI, you can use a hash
> reference instead of a file with hostname => cert_file.
>
> In case certs and keys are needed but not given it might fall back.
>
> sub configWebSSL {
> $parms = shift;
> $parms->{SSL_cert_file} = {
> "foo.example.org" => "/path_to_file/foo-cert.pem",
> "bar.example.org" => "/path_to_file/bar-cert.pem",
> # used when nothing matches or client does not support SNI
> "" => "/path_to_file/server-cert.pem",
> }
> $parms->{SSL_key_file} = {
> "foo.example.org" => "/path_to_file/foo-key.pem",
> "bar.example.org" => "/path_to_file/bar-key.pem",
> # used when nothing matches or client does not support SNI
> "" => "/path_to_file/server-key.pem",
> }
> }
>
> Now, if you set this parameter to 'CorrectASSPcfg::configWebSSL' - assp
> will call
> CorrectASSPcfg::configWebSSL->(\%sslparms);
> NOTICE: This option will possibly not work if you use any self signed
> certificate!
>
>
> Thomas
>
>
>
>
>
> Von: Alexandre de Arruda Paes <ada...@gm...>
> An: For Users of ASSP <ass...@li...>
> Datum: 20.06.2017 21:48
> Betreff: [Assp-user] Multiple SSL certs
> ------------------------------
>
>
>
> Hi,
>
> Can I have multiple SSL certs in ASSP?
>
> i.e.: *mail.domain1.com* <http://mail.domain1.com/>, *mail.domain2.com*
> <http://mail.domain2.com/>
>
> Best regards,
>
> Alexandre---------------------------------------------------
> ---------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot______
> _________________________________________
> Assp-user mailing list
> Ass...@li...
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-user mailing list
> Ass...@li...
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
|