Prevent Chrome SSL Domain Mismatch Warning When Redirecting

Jonathan Matthews contact at
Wed Jan 2 21:33:57 UTC 2013

On 2 January 2013 21:16, Chris Irish <supairish at> wrote:
> Hello,
>     I have a SSL cert setup for a domain with no subdomain, i.e.
>  And a server block setup to redirect all https 'www'
> subdomain requests to the non subdomain server block.  This works fine in
> Safari, FF, etc.  But Chrome gives me a certificate domain name mismatch
> warning ( The big red warning screen )  How can I prevent this?  It's like
> Chrome checks the SSL cert name before even following the nginx redirect.

Of course it does. That's how SSL works.

You're serving up the certificate for where browsers
(it's not just Chrome!) are expecting one that identifies itself as
belonging to You need to serve up a certificate
that matches in its Common Name (CN) or Subject
Alternative Name (SAN), just for the redirect listener block.

If you only have a single IP to serve both :443 listeners, by the way,
you're out of luck with your current cert. You'd have to find an SSL
vendor who'll sell you a single cert with (say) in the
CN and in the SAN. This may be more expensive than
you'd expect and - to be honest - I wouldn't bother.

Jonathan Matthews // Oxford, London, UK

More information about the nginx mailing list