multiple ssl certs in haproxy

Create combined cert/key for each domain

Concatenate www.example.com.crt and www.example.com.key to create a combined .pem for each domain. You then add the path to each .pem file to the haproxy configuration; a conf for www.example.com and www.example.org is shown in the frontend bind declaration further down. For example, to build the combined file for www.example.com:

cat www.example.com.crt www.example.com.key > /etc/sslcerts/www.example.com.pem

Verify Cert

You can view the cert and check validity using openssl.

openssl x509 -in /etc/sslcerts/www.example.com.pem -text

frontend bind declaration in haproxy configuration

 bind 0.0.0.0:443 ssl crt /etc/sslcerts/www.example.com.pem crt /etc/sslcerts/www.example.org.pem

If you need specific ciphers, you can also add them per certificate, for example if one key is 1024-bit and another is 2048-bit.

After updating your configuration, just restart haproxy.

Verify Live Cert

openssl s_client -showcerts -connect www.seekingbeer.com:443
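
The steps above as a checked procedure, in an added example that is not from the original post: it builds the combined .pem with owner-only permissions, guards against a .crt that lacks a trailing newline, confirms the key belongs to the certificate, and shows which certificate is served for a given SNI name. The function names are hypothetical and `openssl` is assumed to be on the PATH.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical helpers, not HAProxy tooling.

# build_pem CRT KEY OUT: write cert then key to OUT, readable by owner only.
build_pem() {
  ( umask 077                 # OUT contains a private key
    # awk 1 ends every line with a newline, so a .crt that lacks a final
    # newline cannot glue its END line to the key's BEGIN line (plain cat can).
    awk 1 "$1" "$2" > "$3" ) && chmod 600 "$3"
}

# pem_layout_ok PEM: certificate and private key delimiters each on their own line.
pem_layout_ok() {
  grep -qx -e '-----BEGIN CERTIFICATE-----' "$1" &&
  grep -qx -e '-----END CERTIFICATE-----' "$1" &&
  grep -Eqx -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" &&
  grep -Eqx -e '-----END ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# key_matches_cert PEM: the private key in PEM belongs to the certificate in PEM
# (compares the public key derived from each; works for RSA and EC keys).
key_matches_cert() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# live_cert_subject HOST NAME: show the certificate HOST serves for SNI name NAME.
# OpenSSL before 1.1.1 sends no SNI unless -servername is given, so every
# check would see only the default certificate.
live_cert_subject() {
  openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -noout -subject -enddate
}
```

Before restarting, `haproxy -c -f <config file>` checks the configuration, including that every crt file loads, without applying it.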

Sources

Great example on StackOverflow on how to configure multiple ssl certificates in haproxy. 
