I suspect I know the answer to this, but just in case I'm missing something:

Is it possible to have the baked in HTTPS support of NodeBalancers handle SNI certificates with multiple domains?

I'm realize I can use a TCP connection to pass through the SSL data stream and configure my software to use the SNI certificates directly, but I've rather liked the ease of letting the NodeBalancer handle it. I'm hoping there is a way to specify multiple domains directly with the NB. {knock on wood}

SDR

Do you mean "SNI" (Server Name Indication) or "SAN" (Subject Alternate Name)? If you have multiple domains on a single cert, then that would be a SAN cert?

Note: Just in case I'm using terminology incorrectly (dammit Jim, I'm a software engineer, not a sysadmin!), let me explain in slightly more detail what I'm *trying* to do and someone can then chime in with their opinion of my idiocy and tell me the more correct way to do this:

I have a single linode at the moment. I have three domains for which I want SSL (and a number of others that don't require SSL). I just purchased an inexpensive multi domain certificate from Comodo that supports three domains by default with the ability to add more as needed. I only needed the three so I'm trying this out, and worst case I'm out $30 bucks (though I don't think it will come to that).

The Comodo cert type is "positivessl multi domain" with three domains:

https://www.webducky.com
https://www.myempiregames.com
https://www.casaderobison.com

If I go to the first, all is well. It identifies it correctly and I get through securely. If I try the others with the NodeBalancer https termination, my browser (Chrome) is claiming the domains don't match as it can only see the first http://www.webducky.com.

Is this a limitation of the NodeBalancer https termination, or am I doing something wrong? If it is a limitation (which is fine) I should be able to configure lighttpd to do the ssl termination itself, opting for a TCP NodeBalancer type instead of HTTPS.

Is this making any sense or am I up in the night? Or both?

SDR

And as I suspected, I think I was using the wrong terminology. I'm almost certain I'm using SAN not SNI. Stupid TLAs. PCMCIAs!

Thanks XReaper for pointing it out.

SDR

Edit: And lest *that* not make sense to legend is that PCMCIA slots were named such because it stands for "People Can't Memorize Computer Industry Acronyms" or some such.

And for the record: The instructions given by the SSL certificate provider were for a standard single domain cert, not a multi domain cert. I finally puzzled through it and figured it out.

Sorry to waste everyone's time with my sysadmin noobie-esque problems.

SDR