Sunday, 19 April 2015

DA login over SSL with single IP and SNI enabled, possible?

Hey there,



I've been reading these forums for a long time, gathering truly invaluable info. But I'm stuck with a tricky issue for which I can't find a solution.



I have a VPS running DA with just one IP address. I've set it up with SNI enabled (enable_ssl_sni).



But I also have set up DA to allow only secure (https) authentication at login as per this tech note.



Now this works nicely for the server itself, with the server certificate:



https://server.com:2222



But I want each user to be able to log into DA (using their own certificate (which I require for all users), not the server's) on their own domain name. For example:



http://ift.tt/1DY2Avf

http://ift.tt/1ItbErR



I can't seem to make it happen. A domain name mismatch certificate error comes up, because apparently the certificate presented at login is the server's, not the user's (which makes sense somehow, the user certificate hasn't been specifically installed for DA, like the server cert).



The automatic redirect from plain text to a secure connection to DA, through ssl_redirect_host=host.name.com as is explained here, will only redirect to a single host name.



Am I overlooking something, or am I expecting just a little too much from the SNI SSL-setup? Or is it just a DA limitation?




