Multiple ssl certs for the same IP?
zellster at gmail.com
Sun May 4 21:02:22 MSD 2008
As far as I know, you will need a wildcard certificate (*.mydomain.com).
There is a chicken-and-egg problem in that nginx needs to see the request
URL before deciding which cert to use in the handshake. However, nginx
cannot see the URL until the handshake has been completed. See
http://wiki.apache.org/httpd/NameBasedSSLVHosts for more details.
On Sun, May 4, 2008 at 9:54 AM, Rt Ibmer <rtibmx at yahoo.com> wrote:
> I have foo.mydomain.com and bar.mydomain.com that both resolve to the same
> IP, which is answered by nginx.
> Now I want to add SSL support to nginx so that it'll receive requests over
> ssl 443 for both fully qualified domains while still communicating with my
> backends over regular http (non-ssl).
> So I will get two SSL certificates - one for foo.mydomain.com and the
> other for bar.mydomain.com. However according to the config file the SSL
> settings for the key files are defined at the "server" declaration-block
> level. And in my case I have just one "server" block that is used for both
> foo.mydomain.com and bar.mydomain.com.
> So my question is regarding these such settings:
> ssl on;
> ssl_certificate cert.pem;
> ssl_certificate_key cert.key;
> How can I tell nginx to use the pem and keyfiles for foo.mydomain.com AND
> bar.mydomain.com when the same "server" is listening for both FQDN domains
> (remember, both FQDN's resolve to the same IP and it will stay that way for
> some time to come. Over time I may split these out).
> Also it may be important to mention that I am NOT doing anything with
> virtual servers or host headers. Rather, nginx routes the requests for both
> FQDNs solely by using the nginx "location" directive to serve content based
> on the path to the requested file.
> So in summary, I get some requests like this:
> and bar and foo resolve to the same IP and nginx serves both based on that
> IP and location matches, in some cases passing requests to upstream servers
> and in other cases serving the content itself. And now I need to add SSL
> support using two signed certificates and have nginx use the correct one
> when requests come in. I hope I have explained this ok!
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now.
zellster at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx