SNI: ssl_error_bad_cert_domain on https://<IP>

173279834462 nginx-forum at nginx.us
Sat Feb 28 17:51:14 UTC 2015


premises
-------------

nginx version: nginx/1.7.10
TLS SNI support enabled
Serving vhosts
each vhost has own registered certificate
each vhost works as expected 

task
-----

Obtain 444  from [http|https]://<IP-ADDRESS>. 

case http://<IP-ADDRESS> 
--------------------------------------

configuration:

    server {
       listen 80; 
       server_name _; 
       root /dev/null;
       return 444;
    }

It returns 444, and we are happy about it.


case https://<IP-ADDRESS> 
---------------------------------------

No additional configuration. 

It returns the following: 

< <IP-ADDRESS> uses an invalid security certificate.
< The certificate is only valid for the following names:
<
< www.example.com example.com
< 
< (Error code: ssl_error_bad_cert_domain)

where "example.com" is a random? host from our pool of vhosts, and 
its registered certificate is served for the IP-ADDRESS by nginx's SNI. 
Indeed, this is the problem at hand. 

The following does not help at all, 

    server {
       #listen 80;
       listen 443 ssl;
       ssl_certificate_key /etc/ssl/<IP-ADDRESS>/www.key;
       ssl_certificate         /etc/ssl/<IP-ADDRESS>/www.pem;
       server_name _;
       root /dev/null;
       return 444;
    }

For the sake of proper administration, www.key/pem is a self-signed
certificate with included e-mail "hostmaster@<IP-ADDRESS>", and 
an e-mail address has been created on purpose. 

Can you replicate this problem? 
Are there any known solutions?

Thank you for your time.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256957,256957#msg-256957
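
An added example, not part of the original post: in nginx the fallback server for an address:port pair is the block whose `listen` line carries `default_server` (otherwise the first block defined for that pair), and `server_name _` has no special meaning. The sketch assumes every vhost uses a plain `listen 443 ssl`; the example.com certificate paths and document root are placeholders.

```nginx
# Added example, not the poster's configuration.

# Catch-all: selected when the SNI name / Host header matches no vhost,
# which includes requests to http://<IP-ADDRESS> and https://<IP-ADDRESS>.
# "default_server" makes this block the fallback for the socket.
# Without it, nginx falls back to the first server block defined for that
# address:port and presents that vhost's certificate.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;                  # just a name that never matches

    ssl_certificate     /etc/ssl/<IP-ADDRESS>/www.pem;
    ssl_certificate_key /etc/ssl/<IP-ADDRESS>/www.key;

    return 444;                     # close the connection without a response
}

# A named vhost is unchanged and is chosen only when SNI/Host matches.
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/ssl/example.com/www.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example.com/www.key;   # placeholder path

    root /var/www/example.com;                          # placeholder path
}
```

The TLS handshake completes before `return 444` runs, so a browser still shows a certificate warning, but for the self-signed catch-all certificate rather than one that names a vhost. If the vhosts listen on an explicit address (`listen <IP-ADDRESS>:443 ssl`), the catch-all must use the same address:port pair for `default_server` to apply.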


