| default (class) | |
|---|---|
| Default: None | |
The certificate to show to the peer if no matching hostname is found in hostname_certificate_map.
|
| hostname_certificate_map (complex) | |
|---|---|
| Default: n/a | |
A hash containing a matcher-certificate map. Each element of the hash contains a matcher and a certificate:
if a matcher matches the hostname in the SNI request, Zorp shows the certificate to the peer.
You can use any matcher policy, though in most cases, RegexpMatcher will be adequate.
Different elements of the hash can use different types of matchers, for example, RegexpMatcher and RegexpFileMatcher.
For details on matcher policies, see Section 5.7, Module Matcher.
For an example on using SNIBasedCertificate, see
Procedure 4.1, Configuring Server Name Indication (SNI) in How to configure HTTPS proxying in PNS 1.0.
hostname_certificate_map={
RegexpMatcher(
match_list=("myfirstdomain.example.com", )): StaticCertificate(
certificate=Certificate.fromFile(
certificate_file_path="/etc/key.d/myfirstdomain/cert.pem",
private_key=PrivateKey.fromFile(
"/etc/key.d/myfirstdomain/key.pem"))),}
|
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu
