Issue with VirtualHost definition order and SNI SSL

Igor Sysoev is at rambler-co.ru
Tue Oct 27 19:24:16 MSK 2009


On Tue, Oct 27, 2009 at 12:55:34PM +0200, Iantcho Vassilev wrote:

> Here is my two ssl vhosts>>>
> 
> server {
>         listen  443;
>         ssl on;
>         ssl_certificate /usr/local/etc/pathTocrt;
>         ssl_certificate_key /usr/local/pathTokey;
> 
> 
>         server_name xxxxx.com www.xxxxxx.com
> ---------------------------------------------------------------------------------------------------
> 
> server {
>         listen  443;
>         ssl on;
>           ssl_certificate /usr/local/etc/pathTocrt2;
>      ssl_certificate_key /usr/local/pathTokey2;
> 
> 
>         server_name xxxxx2.com wwww.xxxxxx2.com
> 
> 
> Hope that helps..

As I understand Linmiao Xu <linmiao.xu at jhu.edu> is different man.
Well what is your case ? What browser do you use ?

I've just created my own ceritificate authority, have installed
the CA certificate in FF 3.0, then have created 2 certificate signed
by this authority. Both certificate works well wiht SNI without any message.

> 2009/10/27 Igor Sysoev <is at rambler-co.ru>
> 
> > On Mon, Oct 26, 2009 at 11:19:08PM -0700, ianchov wrote:
> >
> > >
> > > I built is successfully against SNI
> > > and the
> > > nginx -V 2>&1 | grep SNI
> > >
> > > is showing TLS SNI support enabled
> > >
> > > Howevever again i cannot manage to use two different SSL certificates on
> > two
> > > SSL listening on port 443..
> > > Any ideas???
> >
> > Could you show SSL part of
> >
> > vhosts/ssl_example.com.conf;
> > vhosts/ssl_alias.conf;
> >
> > ?
> >
> > > On Tue, Oct 27, 2009 at 08:08, Igor Sysoev [via nginx] <
> > > ml-node+3897241-1340561436 at n2.nabble.com<ml-node%2B3897241-1340561436 at n2.nabble.com>
> > <ml-node%2B3897241-1340561436 at n2.nabble.com<ml-node%252B3897241-1340561436 at n2.nabble.com>
> > >
> > > > wrote:
> > >
> > > > On Thu, Oct 22, 2009 at 06:28:19AM -0700, ianchov wrote:
> > > >
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > I have build nginx with your command line options but still SNi does
> > not
> > > > > work.
> > > > > strings nginx | grep SSL show the new OpenSSL 9.9.8k
> > > > > I have the openssl src on a directory. SHould i install it or it is
> > > > enough
> > > > > that nginx is compiled against it??
> > > >
> > > > I meant not "strings nginx | grep SSL", but
> > > >             "strings nginx | grep SSL_get_servername".
> > > >
> > > > Anyway, try to build the lastest 0.8.21 or 0.7.63 and run
> > > >
> > > > nginx -V 2>&1 | grep SNI
> > > >
> > > >
> > >
> > > --
> > > View this message in context:
> > http://n2.nabble.com/Issue-with-VirtualHost-definition-order-and-SNI-SSL-tp3796531p3897261.html
> > > Sent from the nginx mailing list archive at Nabble.com.
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> >

-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list