Multiple SSL

Calomel nginxlist at calomel.org
Thu May 29 18:57:42 MSD 2008


Chris,

Getting multiple ips for one physically system to multiple virtual
domains should not be a problem. Once you have the ips then have each
Nginx server {...} section listen to a separate ip and define its own
SSL cert.

--
  Calomel @ https://calomel.org
  Open Source Research and Reference


On Wed, May 28, 2008 at 07:17:33PM -0700, Eire Angel wrote:
>   Yes I am using one IP with multiple domains/certs
>   so depending on the server and if i can get another IP
>   I'm pretty certain Virtual servers can get more IP's w/o
>   adding hardware?
>
>   "nginx cannot see the URL until the
>   handshake has been completed"
>
>   makes sense for customer security
>
>   Calomel <nginxlist at calomel.org> wrote:
>
>     Chris,
>
>     Are you using one ip address for multiple domain/ssl certs? If so, I
>     believe you may need to assign each cert to a separate ip.
>
>     Are you using a separate host names in one domain? You might need a
>     wild card certificate (*.yourdomain.com). There is a problem in that
>     nginx needs to see the request URL before deciding which cert to use
>     in the handshake. However, nginx cannot see the URL until the
>     handshake has been completed. See
>     http://wiki.apache.org/httpd/NameBasedSSLVHosts for more details.
>
>     If you get it working or you have a different setup then send mail to
>     the list.
>
>     --
>     Calomel @ https://calomel.org
>     Open Source Research and Reference
>
>     On Wed, May 28, 2008 at 08:07:38AM -0700, Eire Angel wrote:
>     > I just added a second SSL site to Nginx uising two different certs.
>     The
>     > problem is that both sites are pulling the one cert. I have each of
>     them
>     > served on 443 and serving their own domains. Just like i would think
>     port
>     > 80 to work with multiple sites but its not. Is there another port i
>     > should use for the second instance say 444 ? and just action that in
>     rails
>     > ? anyone experience similar ?
>     >
>     > Chris





More information about the nginx mailing list