After reading on the Pound website that SSL does not support virtual host names, this in fact seems quite straightforward and obvious to me now. I have a Pound load-balancer I wish to terminate SSL connections with. If a web server behind it runs multiple sites based on host name, can I configure Pound to use multiple SSL certificates for these different hosts?
The only way to do this that I can think of is to assign another IP to the load balancer for each site that wants to use SSL, and configure a certificate for that IP & port combination for a specific site.
Is anyone doing this? Would this work?
UPDATE
Ideally, if anyone can share a config example that would be the best solution so I can read about it. Thank you.
Looks like I was being too eager and not doing enough research before posting here. As Pound supports SSL SNI (for SSLv3), I can simply use multiple "Cert" statements to specify multiple certificate files and Pound will select the appropriate one for the incoming request.
[If a request comes into Pound over SSL for a domain that I am not hosting and thusly don't have a certificate for, Pound (for me at least) is just using the first cert in the list which causes the browser to show an SSL error].
SNI is supported by most modern browsers. In the last quarter of 2012, I don't think there are too many IE 5 & 6 users, for example, still around ;)
This is a sample basic config that works for me:
I have Pound that serves several different SSL websites; just use a separate ListenHTTPS for each different site, that's all.
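
The two approaches from the answers above, written out as a Pound configuration sketch. This is an added example, not either poster's configuration; every address, hostname and file path in it is a constructed placeholder.

```conf
# Approach 1: one HTTPS listener, several certificates selected by SNI.
# Placeholder values throughout (documentation IP ranges, example hostnames).
ListenHTTPS
    Address 203.0.113.10
    Port    443

    # Each file holds the certificate, any chain, and the private key in PEM.
    # Order matters: the FIRST Cert is the default, served when the client
    # sends no SNI name or a name that matches none of the certificates.
    # Put host-specific certificates before wildcard ones.
    Cert "/etc/pound/certs/site-a.example.pem"
    Cert "/etc/pound/certs/site-b.example.pem"

    # One backend web server that does its own name-based virtual hosting.
    Service
        BackEnd
            Address 10.0.0.11
            Port    80
        End
    End
End

# Approach 2: one listener per site, each bound to its own IP address.
# Works for clients without SNI, at the cost of one address per site.
ListenHTTPS
    Address 203.0.113.21
    Port    443
    Cert    "/etc/pound/certs/site-c.example.pem"

    Service
        BackEnd
            Address 10.0.0.11
            Port    80
        End
    End
End
```

Because an unmatched hostname falls back to the first certificate, the first `Cert` line decides which site's name appears in the browser warning for requests to domains the listener does not host.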