On Wed, May 4, 2016 at 10:19 AM, Yick Xie <yick.xie at gmail.com> wrote: > Hello, > Does ocserv support multiple certs and keys on one server? Yes, but they have to by either different type (ECC vs RSA) or have different host names set. That way ocserv would know how to serve each certificate on each connection. For the case you describe you could make an alias (CNAME) of your server address for the users to fallback and mark the fallback certificate with that name. regards, Nikos