Multiple ssl certs for the same IP?
Igor Sysoev
is at rambler-co.ru
Mon May 5 08:58:32 MSD 2008
On Sun, May 04, 2008 at 11:07:32PM +0100, Ed W wrote:
> Grzegorz Nosek wrote:
> >On Sun, May 04, 2008 at 09:54:41AM -0700, Rt Ibmer wrote:
> >
> >>How can I tell nginx to use the pem and keyfiles for foo.mydomain.com AND
> >>bar.mydomain.com when the same "server" is listening for both FQDN
> >>domains (remember, both FQDN's resolve to the same IP and it will stay
> >>that way for some time to come. Over time I may split these out).
> >>
> >
> >AFAIK this is impossible without some new (and not widely supported)
> >extensions to the SSL protocol.
>
> I heard it's coming in Firefox3?
>
> (Probably IE won't support it for another decade though...)
This extension is called SNI. It supported by IE7, but only under Vista,
and I'm not sure will MS add these crypto DLLs in XP. Also SNI is supported
by Opera8 and Firefox2. To support SNI from nginx side OpenSSL-0.9.9
is required, that is currently in developing stage.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list