Forum

Support for Dual/Multiple certificates?

Akash
27 June 2016, 10:32
Hi there,

May be a little far fetched for a tight web-server such as hiawatha. But still feel like asking. Does your server support multiple certificates for same hostname. In order to support legacy clients without SHA256 support, I wanna setup ECDSA + RSA stack of dual certificates. I could find only Apache & Nginx (with a unofficial patch) supporting this.

-Akash
Hugo Leisink
27 June 2016, 20:47
I think this is something the TLS library should support, not the application using the TLS library. So, if you want this, you better consult the mbed TLS developer.
Akash
28 June 2016, 01:29
It does take more than that otherwise all webservers which link to OpenSSL would be supporting this. Unfortunately only Apache supports this out of the box & Nginx also can be made to do so with some available patches. Lighttpd, Litespeed etc don't have it yet. So it does depend on the web-server also, not only the library.

But you are right. I should first check with mbed whether the functionality even exists in the lib or not as OpenSSL also made this available in recent years only.
Hugo Leisink
30 June 2016, 00:43
Sure, I also need to do some things in Hiawatha. But it starts with the TLS library.
This topic has been closed.