Dynamic SSL certificate? (wildcard + multiple different certs)

Larry nginx-forum at nginx.us
Thu Jan 9 16:28:02 UTC 2014


Hello,

Here is my current conf:

server {
		listen   443;
		
		server_name ~^(.*)\.sub\.domain\.com$;

		ssl    on;
		ssl_certificate    $cookie_ident/$1.crt; 
		ssl_certificate_key    $cookie_ident/$1.key;
		server_tokens off;
		
		ssl_protocols TLSv1.2 TLSv1.1 TLSv1 SSLv3;
		ssl_prefer_server_ciphers on;
		ssl_session_timeout 5m;
		ssl_session_cache builtin:1000 shared:SSL:10m;

		ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA;


		autoindex off;
		root /upla/http/www.domain.com;
		port_in_redirect off;
		expires 10s;
		#add_header Cache-Control "no-cache,no-store";
		#expires max;
		add_header Pragma public;
		add_header Cache-Control "public";
		
		location / {
			
			try_files $uri /$request_uri =404;

		}

}

I would like to be able to "load" the right cert according to the cookie set
and request uri.

A sort of dynamic setting.

But of course, when I start nginx, it complains:
SSL: error:02001002:system library:fopen:No such file or directory:

Perfectly normal since $cookie_ident is empty and no subdomain has been
requested.

So, what is the workaround I could use to avoid creating one file per new
(self-signed) certificate issued?

I cannot use only one certificate for all since I have to be able to revoke
the certs with granularity.


How should I make it work?

Thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,246178,246178#msg-246178
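
An added example, not part of the original post or thread: nginx 1.15.9 and later (built with OpenSSL 1.0.2 or higher) accept variables in ssl_certificate, and the configuration below selects the certificate from the SNI name through a map. The /etc/nginx/tenants/ directory, the "fallback" certificate name and the $tenant_cert variable are assumptions made for illustration.

```nginx
# Added example, not from the original post.
# Assumes nginx >= 1.15.9 with OpenSSL >= 1.0.2.
# /etc/nginx/tenants/, "fallback" and $tenant_cert are hypothetical names.

# This block belongs in the http{} context.
# The certificate is chosen during the TLS handshake, before any HTTP
# header has been read, so $cookie_ident is still empty at that point.
# The SNI name ($ssl_server_name) is the only per-client input available.
map $ssl_server_name $tenant_cert {
    # Accept a single lowercase DNS label only, so the SNI value cannot
    # introduce "/" or ".." into the certificate path.
    ~^(?<label>[a-z0-9-]+)\.sub\.domain\.com$  $label;

    # Missing SNI or any name that does not match the pattern.
    default                                    fallback;
}

server {
    listen 443 ssl;
    server_name ~^(.*)\.sub\.domain\.com$;

    # With variables in the path, the files are read per handshake rather
    # than at startup: a missing file fails that one handshake instead of
    # preventing nginx from starting.
    ssl_certificate     /etc/nginx/tenants/$tenant_cert.crt;
    ssl_certificate_key /etc/nginx/tenants/$tenant_cert.key;
}
```

Because the files are opened on each handshake, they must be readable by the worker processes, and `nginx -t` will not report a missing per-host certificate.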