Multiple certificates
Niels Peen
niels at peen.net
Sun Jun 12 07:34:07 PDT 2016
>> The ocserv config allows for multiple certificates and keys to be
>> specified, but it’s unclear to me how to bind a specific certificate
>> to a specific hostname. I had hoped ocserv would do this
>> automatically,
>
> It can do it, but you have to use a very recent gnutls (i.e., 3.4.12,
> 3.3.23 or greater).

That worked. Thanks!

BTW, I did run into an unrelated issue:

When briefly trying chain.pem instead of fullchain.pem (as provided by letsencrypt), ocserv wouldn’t start. Instead it flooded the log with this:

Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
Jun 12 22:11:31 seattle-1 ocserv[26991]: sec-mod: error receiving msg head from main
etc.

Regards,
Niels