I installed a new web server today and tested out its SNI features. SNI (Server Name Indication) solves the problem of hosting multiple virtual hosts on the same server running SSL. In the past, the server had to choose its certificate during the handshake, before it knew which virtual host the client wanted, so it was not possible to present a different certificate for each virtual host, necessitating the use of other techniques.
This was how I did it at first:
    # SSL listener with the default certificate
    $SERVER["socket"] == "10.0.0.1:443" {
        ssl.engine = "enable"
        ssl.pemfile = "www.example.org.pem"
    }
    # per-host certificates, declared outside the socket block
    $HTTP["host"] == "foo.example.org" {
        ssl.pemfile = "foo.example.org.pem"
    }
    $HTTP["host"] == "bar.example.org" {
        ssl.pemfile = "bar.example.org.pem"
    }
However, after I set it up, it successfully presented different certificates, but it seemed to present the wrong ones for different virtual hosts. After mucking about the Internets, I came to the conclusion that my configuration file was in error. A proper SNI configuration should look like this:
    # SSL listener with the default certificate
    $SERVER["socket"] == "10.0.0.1:443" {
        ssl.engine = "enable"
        ssl.pemfile = "www.example.org.pem"
        # per-host certificates, nested inside the socket block
        $HTTP["host"] == "foo.example.org" {
            ssl.pemfile = "foo.example.org.pem"
        }
        $HTTP["host"] == "bar.example.org" {
            ssl.pemfile = "bar.example.org.pem"
        }
    }
After that it worked magically. Wow for nested configs!
Update: Turns out that I spoke too soon. The problem still persists.
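One way to see which certificate each virtual host is actually served, as an added example that is not part of the original post: the script handshakes once per host name with that name as the SNI value and compares it against the DNS names in the returned certificate. The function names are made up for this example, the address and host names are the ones from the configuration above, and it assumes the certificates chain to a CA the client trusts (otherwise pass `cafile` to `probe`).

```python
import socket
import ssl

def probe(addr, port, vhost, cafile=None, timeout=5.0):
    """Handshake with `vhost` as the SNI name; return the verified peer cert dict."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Keep chain validation, but compare names ourselves so a wrong
    # certificate is reported instead of just aborting the handshake.
    ctx.check_hostname = False
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=vhost) as tls:
            return tls.getpeercert()

def dns_names(cert):
    """DNS entries from the certificate's subjectAltName, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def covers(cert, host):
    """True if one of the certificate's DNS names matches `host`."""
    host = host.lower().rstrip(".")
    for name in dns_names(cert):
        if name == host:
            return True
        # A wildcard is honoured only as the whole leftmost label.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def audit(addr, port, vhosts, fetch=probe):
    """Map each vhost to (certificate matches?, names the server presented)."""
    report = {}
    for vhost in vhosts:
        cert = fetch(addr, port, vhost)
        report[vhost] = (covers(cert, vhost), dns_names(cert))
    return report

if __name__ == "__main__":
    hosts = ["www.example.org", "foo.example.org", "bar.example.org"]
    for vhost, (ok, names) in audit("10.0.0.1", 443, hosts).items():
        print("OK   " if ok else "WRONG", vhost, "->", names)
```

A `WRONG` line that lists the `www.example.org` names for `foo.example.org` means the server fell back to the socket's default certificate for that host.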