I have a YARP gateway which uses the following configuration:
"Kestrel": {
  "Endpoints": {
    "Http": {
      "Url": "http://+:80"
    },
    "HttpsInlineCertAndKeyFile": {
      "Url": "https://+:443",
      "Certificate": {
        "Path": "/tls/bundle.crt",
        "KeyPath": "/tls/cert.key"
      }
    }
  }
}
I added a new website with a new domain and now another certificate needs to be used for that site. The documentation shows this config:
{
  "Kestrel": {
    "Endpoints": {
      "MySniEndpoint": {
        "Url": "https://*",
        "SslProtocols": ["Tls11", "Tls12"],
        "Sni": {
          "a.example.org": {
            "Protocols": "Http1AndHttp2",
            "SslProtocols": ["Tls11", "Tls12", "Tls13"],
            "Certificate": {
              "Subject": "<subject; required>",
              "Store": "<certificate store; required>",
            },
            "ClientCertificateMode" : "NoCertificate"
          },
          "*.example.org": {
            "Certificate": {
              "Path": "<path to .pfx file>",
              "Password": "$CREDENTIAL_PLACEHOLDER$"
            }
          },
          "*": {
            // At least one subproperty needs to exist per SNI section or it
            // cannot be discovered via IConfiguration
            "Protocols": "Http1",
          }
        }
      }
    },
    "Certificates": {
      "Default": {
        "Path": "<path to .pfx file>",
        "Password": "$CREDENTIAL_PLACEHOLDER$"
      }
    }
  }
}
but it has nothing in common with my current config and I'm afraid I'm gonna mess it up. What is the correct configuration for this scenario:
Main website -> *.site-a.com [everything works]
New website -> site-b.com [I got the .crt and .key files]
Allow HTTP (80) traffic; it will be redirected with app.UseHttpsRedirection(). For HTTPS (443) traffic, if it's site-b.com use b-bundle.crt and b-cert.key files; for anything else (which currently means site-a.com and its subdomains) use bundle.crt and cert.key files.
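
One way to express the scenario above with Kestrel's `Sni` section, as an added example that is not part of the original post or the documentation sample. It assumes the new files are mounted as `/tls/b-bundle.crt` and `/tls/b-cert.key` beside the existing ones; the endpoint name `HttpsSni` is arbitrary.

```json
{
  "Kestrel": {
    "Endpoints": {
      // Plain HTTP stays as it is; app.UseHttpsRedirection() redirects it.
      "Http": {
        "Url": "http://+:80"
      },
      // One HTTPS listener; the certificate is selected per TLS handshake
      // from the host name the client sends in SNI.
      "HttpsSni": {
        "Url": "https://+:443",
        "Sni": {
          // Exact match only: subdomains of site-b.com do NOT match this entry.
          "site-b.com": {
            "Certificate": {
              "Path": "/tls/b-bundle.crt",   // assumed mount path
              "KeyPath": "/tls/b-cert.key"   // assumed mount path
            }
          },
          // Full wildcard: every other host name, which currently means
          // site-a.com and its subdomains, gets the existing certificate.
          "*": {
            "Certificate": {
              "Path": "/tls/bundle.crt",
              "KeyPath": "/tls/cert.key"
            }
          }
        }
      }
    }
  }
}
```

Once an endpoint has an `Sni` section, a connection whose host name matches no entry is refused, so the `"*"` entry is what keeps the current site-a.com behaviour. If the site-b.com certificate also covers subdomains, they need their own entries such as `"*.site-b.com"`, otherwise they fall through to `"*"` and are served the site-a.com certificate.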