--path

Un peu une saloperie ce HSTS tout de même

Chrome:

Open Chrome
Type chrome://net-internals/#hsts in the address bar of chrome
Query domain: if it appears as a result, it is HSTS enabled

Firefox:

Open file explorer
Copy paste %APPDATA%\Mozilla\Firefox\Profiles\ in the address bar of file explorer (for Linux it is ~/.mozilla/firefox)
Double click the folder you see (if you have multiple FF profiles, there will be multiple folders)
Open SiteSecurityServiceState.txt. This textfile contains sites that have enabled HSTS.

via Doo

Pour avoir plusieurs certificats

If a directory name is used instead of a PEM file, then all files found in
that directory will be loaded in alphabetic order unless their name ends with
'.issuer' or '.ocsp' (reserved extensions). This directive may be specified
multiple times in order to load certificates from multiple files or
directories. The certificates will be presented to clients who provide a valid
TLS Server Name Indication field matching one of their CN or alt subjects.
Wildcards are supported, where a wildcard character '' is used instead of the
first hostname component (eg: .example.org matches www.example.org but not
www.sub.example.org).

If no SNI is provided by the client or if the SSL library does not support
TLS extensions, or if the client provides an SNI hostname which does not
match any certificate, then the first loaded certificate will be presented.
This means that when loading certificates from a directory, it is highly
recommended to load the default one first as a file or to ensure that it will
always be the first one in the directory.

via skunnyk

Faudrait que je fasse ça, ce serait plus propre

Bon article sur quelques subtilités ssl

via Skunnyk