Kong proxy and admin listen SSL: multiple certs

Hello,

I am trying to deploy multiple independent certificates and have Kong load all of them and use them all to provide SSL for incoming traffic.
I have a configuration as follows:

ssl_cert = /path/to/cert1.pem,/path/to/cert2.pem
ssl_cert_key = /path/to/cert1.key,/path/to/cert2.key
admin_ssl_cert = /path/to/cert1.pem,/path/to/cert2.pem
admin_ssl_cert_key = /path/to/cert1.key,/path/to/cert2.key

Now it appears that Kong does actually load the certificates.

But when attempting to access Kong via URLs that match each certificate
URL that matches cert2
URL that matches cert1

Does Kong not support loading multiple different certificates?
Do I need to make a combined cert first?

I did verify that when loading only cert1, everything is fine. When loading only cert2, everything is fine. The problem only occurs when both certs are loaded.

I have now tried using a combined certificate and a combined key with the same results.

Kong OSS version 2.3.3
cat cert1.pem cert2.pem > combined_cert.pem
cat cert1.key cert2.key > combined_key.key

I would hope that Kong could host multiple domains and their SSL, but it doesn’t appear to be working (or more likely I am doing something wrong).

So, does anyone know how to get Kong to host more than one domain, each with its own SSL/TLS certificate?
As in, if you have two domains, abc.com and def.com, and they each have an SSL certificate, how do you get Kong to load both certificates and serve the appropriate certificate to requests for each of those domains?

Someone else has had the same question:

I have also recently tried with

but am either not using those objects correctly/configuring them incorrectly, or they don’t have anything to do with SSL at the Kong level.

This has been solved.
You can only have a single certificate, and it must cover all the domains (at least for the ssl_cert and admin_ssl_cert).
If you are trying to provide SSL for upstreams or other services that Kong is proxying, you can use the certificates endpoint along with the SNIs endpoint to set up SSL for those.

But if you are trying to provide SSL for the whole of Kong, only a single cert is possible.
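
The resolution above hinges on one certificate covering every domain, which concatenating two unrelated PEM files with `cat` does not produce. One way to check coverage before pointing ssl_cert at a file is sketched below; it is an added example, not part of the original thread or of Kong itself. The function names and the `multi.pem`/`multi.key` file names are hypothetical, the throwaway self-signed certificate is constructed for the demo, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example: confirm that ONE certificate covers every hostname Kong serves.
# abc.com / def.com are the thread's example domains; file names are constructed.

# cert_covers CERT HOST...
# Returns 0 only if every HOST matches the certificate's SAN (or CN) entries.
cert_covers() {
  local cert=$1 host rc=0
  shift
  for host in "$@"; do
    # -checkhost reports the result as text ("does match" / "does NOT match"),
    # so the decision is made on the output rather than the exit status.
    if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
      echo "ok:      $host"
    else
      echo "MISSING: $host"
      rc=1
    fi
  done
  return "$rc"
}

# make_san_cert DIR HOST...
# Writes a throwaway self-signed pair (DIR/multi.pem, DIR/multi.key) whose
# subjectAltName lists every HOST. For local testing only.
make_san_cert() {
  local dir=$1 san="" host
  shift
  for host in "$@"; do san="${san:+$san,}DNS:$host"; done
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$dir/multi.key" -out "$dir/multi.pem" \
    -subj "/CN=$1" -addext "subjectAltName=$san" 2>/dev/null
}

# demo: build a two-domain test certificate and verify both names are covered.
demo() {
  local dir
  dir=$(mktemp -d)
  make_san_cert "$dir" abc.com def.com
  cert_covers "$dir/multi.pem" abc.com def.com
  rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run `cert_covers` against the real certificate with the full list of hostnames; any `MISSING:` line means clients requesting that name will get a hostname mismatch.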