Multiple Sites On A Single Server Using SSL With SNI, How To Re-Encrypt SSL Connection

0

Doesn't seem to work in 7.2.38. If I set the SNI value on the parent VS, that one site works. If I remove it, they both break.

3 comments

0
Mark Deegan

Hello,

Can I ask: is this for the backend connection to the real servers or the front end connected to the clients? From the limited information, it seems to me to be using the "reencryption SNI Hostname". If this is the case, then only 1 hostname can be specified. You can disable the requirement for SNI hostname on the real servers, as the re-encrypt is happening on your local network from the LM and does not present a security risk.

regards

Mark

0
kmaley

Hi Mark,

Front end connection to the clients. I only have a single public IP available and have 2 applications, both running on 443. If I specify the reencryption for one of the FQDNs, that portion works but the other doesn't. I have 3 VS set up currently. One that I thought I would be able to configure for the single public IP, passing the requests through to the sub VS. Then the other 2 are the unique applications/websites. Does that make sense?

 

Thanks,

Kyle

0
rla2680

ADFS 3.0 is a great example of breaking the connection if it's a subVS along with other VSes. The workaround is to set up the fallback binding on both the ADFS and the ADFS proxy servers. A Google search will yield tons of results on the workaround.