Re: How to use SSL with multi domain


Anuj Jain <anuj17280@...>
 

Thanks Amit - that means that to support any new domain, each time we need to
add more hardware (HAProxy) and need to redeploy Cloud Foundry.
Do we have any plan in the near future to provide native SSL cert support for
custom domains?

On Wed, Dec 9, 2015 at 1:38 AM, Amit Gupta <agupta(a)pivotal.io> wrote:

If you're doing SSL termination at the HAProxy, you have a couple options.

One option is to configure multiple separate HAProxies, have each domain
resolve to the IP of the HAProxy that serves its corresponding cert, and
configure all the HAProxies to balance traffic to all the routers.

Another option is to get a certificate that covers multiple domains, and
just configure HAProxy once to serve that multi-domain cert. I think the
first option is better because it scales better as you add and remove
domains.

Unfortunately, right now there is no way to configure a single HAProxy to
serve multiple different SSL certs.

As for ELB, I'd recommend researching ELB capabilities separately.

Cheers,
Amit



On Tue, Dec 8, 2015 at 2:43 AM, Anuj Jain <anuj17280(a)gmail.com> wrote:

Hi,

We were successfully able to create, map and test any new domain (both
private and shared) and were also able to access the application using that
new domain/route.
Now we want to configure SSL for the new domain - I have a few questions:

1/ Does Cloud Foundry provide multiple SSL offload on HAProxy?
2/ I do not want to use any third party option (e.g. cloudflare -
http://docs.run.pivotal.io/marketplace/integrations/cloudflare/), is
there any other way which I can use, and if not, by when can we expect native
SSL termination support on Cloud Foundry?
3/ We have two environments, one on vSphere and the other on AWS - on
AWS we are using ELB - can we terminate multiple SSL on ELB for
multiple/custom domains on the same port (we do not want to change the port for
each SSL cert)?

- Anuj
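
The multi-domain certificate option mentioned in the reply above only works if every custom domain is named in that one certificate's subjectAltName list. As an added example (not part of the original thread), this Python sketch checks a list of domains against a SAN list using the usual wildcard rule; the SAN entries, domain names and function names are constructed for illustration.

```python
"""Check which custom domains a multi-domain (SAN) certificate covers."""


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(san, host):
    """Return True if one dNSName SAN entry covers host.

    A '*' is honoured only as the whole leftmost label and stands for
    exactly one label, so '*.apps.example.com' covers 'a.apps.example.com'
    but neither 'apps.example.com' nor 'x.a.apps.example.com'.
    """
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        return False
    if s[0] == "*":
        # Conservative choice in this sketch: refuse wildcards directly
        # under a single label such as '*.com', and never match an
        # empty leftmost label.
        return len(s) >= 3 and h[0] != "" and s[1:] == h[1:]
    return s == h


def uncovered(sans, domains):
    """Return the domains that no SAN entry covers, in input order."""
    return [d for d in domains if not any(san_matches(s, d) for s in sans)]


# Constructed sample data: SAN list of a hypothetical multi-domain cert
# and the custom domains mapped to applications.
CERT_SANS = ["*.apps.example.com", "shop.example.org", "www.example.net"]
CUSTOM_DOMAINS = [
    "myapp.apps.example.com",
    "shop.example.org",
    "api.shop.example.org",
    "example.net",
]

if __name__ == "__main__":
    for domain in uncovered(CERT_SANS, CUSTOM_DOMAINS):
        print("not covered by certificate:", domain)
```

Any domain this reports would need the certificate reissued with an extra SAN entry before HAProxy could serve it without a name-mismatch error.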
