mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-06 15:17:01 +02:00
DOC: config: crt-list clarify default cert + cert-bundle
Clarify that HAProxy duplicates crt-list entries for multi-cert bundles which can create unexpected side-effects as only the very first certificate after duplication is considered as default implicitly.
This commit is contained in:
parent
5c15ba5eff
commit
5128178256
@ -16583,6 +16583,10 @@ crt-list <file>
|
||||
configuration, the default certificates could be explicited (with a '*'
|
||||
filter) at the beginning of the list, so an implicit default is not added
|
||||
before.
|
||||
Due to multi-cert bundles being duplicated for each algorithm in the
|
||||
crt-list, only one algorithm will occupy the first line in the crt-list and
|
||||
be considered as default. Either specify the entire bundle as default by
|
||||
declaring '*' as the filter or setting it on the bind line.
|
||||
|
||||
The "show ssl sni" command on the stats socket could be used to debug your
|
||||
configuration. (See "show ssl sni" in the management guide)
|
||||
|
Loading…
Reference in New Issue
Block a user