Issue with VirtualHost definition order and SNI SSL

Iantcho Vassilev ianchov at gmail.com
Wed Oct 28 10:31:05 MSK 2009


2009/10/27 Igor Sysoev <is at rambler-co.ru>

> On Tue, Oct 27, 2009 at 07:42:42PM +0200, Iantcho Vassilev wrote:
>
> > 2009/10/27 Igor Sysoev <is at rambler-co.ru>
> >
> > > On Tue, Oct 27, 2009 at 12:55:34PM +0200, Iantcho Vassilev wrote:
> > >
> > > > Here is my two ssl vhosts>>>
> > > >
> > > > server {
> > > >         listen  443;
> > > >         ssl on;
> > > >         ssl_certificate /usr/local/etc/pathTocrt;
> > > >         ssl_certificate_key /usr/local/pathTokey;
> > > >
> > > >
> > > >         server_name xxxxx.com www.xxxxxx.com
> > > >
> > >
> ---------------------------------------------------------------------------------------------------
> > > >
> > > > server {
> > > >         listen  443;
> > > >         ssl on;
> > > >           ssl_certificate /usr/local/etc/pathTocrt2;
> > > >      ssl_certificate_key /usr/local/pathTokey2;
> > > >
> > > >
> > > >         server_name xxxxx2.com wwww.xxxxxx2.com
> > > >
> > > >
> > > > Hope that helps..
> > >
> > > As I understand Linmiao Xu <linmiao.xu at jhu.edu> is different man.
> > > Well what is your case ? What browser do you use ?
> > >
> > > I've just created my own ceritificate authority, have installed
> > > the CA certificate in FF 3.0, then have created 2 certificate signed
> > > by this authority. Both certificate works well wiht SNI without any
> > > message.
> >
> > Sorry about the misunderstanding..those two sites use Godaddy and TrueSSL
> > certificates
> > When i put one of the server to listen to other port (one is 443 other
> 444)
> > both certificates work
> > when they are on port 443 both sites use the first loaded certificate....
> > I though it should work without installing any CA or whatever  (those are
> > trustworthy CA)
>
> What browsers did you use for testing ?
>
>

I used F.F 3.5.3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20091028/6f7d3215/attachment.html>


More information about the nginx mailing list