Multiple ssl certs for the same IP?

Grzegorz Nosek grzegorz.nosek at gmail.com
Sun May 4 21:12:00 MSD 2008


On Sun, May 04, 2008 at 09:54:41AM -0700, Rt Ibmer wrote:
> How can I tell nginx to use the pem and keyfiles for foo.mydomain.com AND bar.mydomain.com when the same "server" is listening for both FQDN domains (remember, both FQDNs resolve to the same IP and it will stay that way for some time to come. Over time I may split these out).

AFAIK this is impossible without some new (and not widely supported)
extensions to the SSL protocol. Please remember that the SSL negotiation
takes place before nginx can read the headers (which contain vhost
information). The extensions are described in RFC 4366.

You can specify several server blocks with the same listen ip:port
directive but it won't help you a bit with https, actually.

Nginx will use the certificate from the first server block configured to
listen on each IP address (well, maybe not the first, but only from a single
one, for reasons outlined above).

Your best bet would be to get a wildcard certificate for *.mydomain.com.

Best regards,
 Grzegorz Nosek
