Friday, May 28, 2021

Re: Using relayd as a reverse proxy for multiple local servers

Jean-Pierre de Villiers <jeanpierre@jeanpierredevilliers.xyz> writes:

> Personally, I would drop the keypairs you define and rename the
> certificates as 'localhost.crt' for example.com and its subdomain and a
> certificate 'localhost:8082' for handling beispiel.de. Similarly,
> repeat this for the private keys as well.

I tried this out, but it didn't help ._.

Now it doesn't even appear to notice the certificates, as the output now
is just

relayd -nvvv
/etc/relayd.conf:43: cannot load certificates for relay secure

But "at least", it says "secure" instead of "secure4:443"?

I am wondering if this could be a bug? It appears to make no sense to
me...

> No further configuration is needed after that. See the description of
> 'keypair' under the PROTOCOLS section in relayd.conf(8).

That confuses me, as on the one hand the manual says

The relay will attempt to look up a private key in
/etc/ssl/private/name:port.key and a public certificate in
/etc/ssl/name:port.crt, WHERE PORT IS THE SPECIFIED PORT THAT THE
RELAY LISTENS ON.

which would mean that the certificate should be called localhost:443 (or
127.0.0.1:443), but then again the same paragraph says

If not specified, a keypair will be loaded using the specified IP
address of the relay as name.

Which I read as saying that it will try to use /etc/ssl/secure.key, in
my case. That obviously won't work, as I need different certificates for
different domains.

--
Philip K.
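
Added example (not part of the original message and not relayd's own code): a shell helper that walks the file names described in the quoted relayd.conf paragraph and reports which half of a certificate/key pair is missing. The port-less fallback to name.crt and name.key comes from the same man page paragraph rather than the excerpt quoted above; the function name and the ssl_dir parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: model of the keypair file lookup from relayd.conf.
# "name" is the relay's listen address or a keypair name.
# ssl_dir (assumed parameter, default /etc/ssl) lets the check run on a copy.

# Print the base name ("name:port" or "name") of the first complete
# certificate/key pair; return 1 if no complete pair exists.
relayd_find_keypair() {
	name=$1 port=$2 ssl_dir=${3:-/etc/ssl}
	for base in "$name:$port" "$name"; do
		crt="$ssl_dir/$base.crt"
		key="$ssl_dir/private/$base.key"
		if [ -r "$crt" ] && [ -r "$key" ]; then
			printf '%s\n' "$base"
			return 0
		fi
		# Report each missing half so a mismatched file name is visible.
		[ -r "$crt" ] || echo "missing or unreadable: $crt" >&2
		[ -r "$key" ] || echo "missing or unreadable: $key" >&2
	done
	return 1
}

# Usage: sh script.sh <name> <port> [ssl_dir]
if [ $# -ge 2 ]; then
	relayd_find_keypair "$@"
fi
```

Run it with the listen address (or keypair name) and port of the relay that fails to load, for example `127.0.0.1 443`.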
