Dynamic ssl certificate ? (wildcard+ multiple different certs)

Reinis Rozitis r at roze.lv
Thu Jan 9 16:52:39 UTC 2014

> So, what is the workaround I could use to avoid creating one file per new 
> (self-signed)certificate issued ?
> I cannot use only one certificate for all since I have to be able to 
> revoke the certs with granularity.

If you don't want to use file/certificate per domain but the same time can't 
work arround it with a wildcard certificate it (imo) leaves just one 
option - to create a certificate including all the exact domains and 
whenever there are some changes (expiration or a new domain added) 
regenerate the cert.

p.s. you can do something like that even with non self-signed certificates - 
for example (while manually) Godaddy lets you add or remove domains to their 
"Multiple Domains UCC" certs (up to 100 domains) on the fly (the expiration 
of the whole cert remains).


More information about the nginx mailing list