You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I added a new website with a new domain and now another certificate needs to be used for that site. The documentation shows this config:
{
"Kestrel": {
"Endpoints": {
"MySniEndpoint": {
"Url": "https://*",
"SslProtocols": ["Tls11", "Tls12"],
"Sni": {
"a.example.org": {
"Protocols": "Http1AndHttp2",
"SslProtocols": ["Tls11", "Tls12", "Tls13"],
"Certificate": {
"Subject": "<subject; required>",
"Store": "<certificate store; required>",
},
"ClientCertificateMode" : "NoCertificate"
},
"*.example.org": {
"Certificate": {
"Path": "<path to .pfx file>",
"Password": "$CREDENTIAL_PLACEHOLDER$"
}
},
"*": {
// At least one subproperty needs to exist per SNI section or it// cannot be discovered via IConfiguration"Protocols": "Http1",
}
}
}
},
"Certificates": {
"Default": {
"Path": "<path to .pfx file>",
"Password": "$CREDENTIAL_PLACEHOLDER$"
}
}
}
}
but is has nothing in common with my current config and I'm afraid I'm gonna mess it up. What is the correct configuration for this scenario:
Main website -> *.site-a.com [everything works]
New website -> site-b.com [I got the .crt and .key files]
Allow HTTP (80) traffics, they will be redirected with app.UseHttpsRedirection(). For HTTPS (443) traffics, if it's site-b.com use b-bundle.crt and b-cert.key files, for anything else (which currently means site-a.com and its subdomains use bundle.crt and cert.key files.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I have a YARP gateway which uses the following configuration:
I added a new website with a new domain and now another certificate needs to be used for that site. The documentation shows this config:
{ "Kestrel": { "Endpoints": { "MySniEndpoint": { "Url": "https://*", "SslProtocols": ["Tls11", "Tls12"], "Sni": { "a.example.org": { "Protocols": "Http1AndHttp2", "SslProtocols": ["Tls11", "Tls12", "Tls13"], "Certificate": { "Subject": "<subject; required>", "Store": "<certificate store; required>", }, "ClientCertificateMode" : "NoCertificate" }, "*.example.org": { "Certificate": { "Path": "<path to .pfx file>", "Password": "$CREDENTIAL_PLACEHOLDER$" } }, "*": { // At least one subproperty needs to exist per SNI section or it // cannot be discovered via IConfiguration "Protocols": "Http1", } } } }, "Certificates": { "Default": { "Path": "<path to .pfx file>", "Password": "$CREDENTIAL_PLACEHOLDER$" } } } }but is has nothing in common with my current config and I'm afraid I'm gonna mess it up. What is the correct configuration for this scenario:
Main website -> *.site-a.com [everything works]
New website -> site-b.com [I got the
.crtand.keyfiles]Allow HTTP (80) traffics, they will be redirected with
app.UseHttpsRedirection(). For HTTPS (443) traffics, if it'ssite-b.comuseb-bundle.crtandb-cert.keyfiles, for anything else (which currently meanssite-a.comand its subdomains usebundle.crtandcert.keyfiles.Beta Was this translation helpful? Give feedback.
All reactions