Dynamic ssl certificate ? (wildcard+ multiple different certs)

January 09, 2014 11:28AM
Hello,

Here is my current conf:

server {
    listen 443;

    server_name ~^(.*)\.sub\.domain\.com$;

    ssl on;
    # Certificate and key paths built from a cookie and the server_name capture
    ssl_certificate $cookie_ident/$1.crt;
    ssl_certificate_key $cookie_ident/$1.key;
    server_tokens off;

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1 SSLv3;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache builtin:1000 shared:SSL:10m;

    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA;

    autoindex off;
    root /upla/http/www.domain.com;
    port_in_redirect off;
    expires 10s;
    #add_header Cache-Control "no-cache,no-store";
    #expires max;
    add_header Pragma public;
    add_header Cache-Control "public";

    location / {
        try_files $uri /$request_uri =404;
    }
}

I would like to be able to "load" the right cert according to the cookie set and request URI.

A sort of dynamic setting.

But of course, when I start nginx, it complains:
SSL: error:02001002:system library:fopen:No such file or directory:

Perfectly normal since $cookie_ident is empty and no subdomain has been requested.

So, what is the workaround I could use to avoid creating one file per new (self-signed) certificate issued?

I cannot use only one certificate for all since I have to be able to revoke the certs with granularity.


How should I make it work?

Thanks
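
Added example, not part of the original post or of any reply in the thread: since nginx 1.15.9 (built against OpenSSL 1.0.2 or later) variables are accepted in ssl_certificate and ssl_certificate_key, but they are evaluated during the TLS handshake, before any HTTP request or cookie exists, so the selection has to key on the SNI name in $ssl_server_name rather than on $cookie_ident. The /etc/nginx/certs directory, the "default" fallback name and the $cert_name / label names are assumptions made for illustration.

```nginx
# Added example; paths and the "default" fallback name are assumptions.
# The map block belongs in the http{} context.

# The SNI name is chosen by the client, so it is reduced to a token made of
# [a-z0-9-] only before it is used in a file path. No dots or slashes can
# reach the path, and any name that does not match gets the fallback cert.
map $ssl_server_name $cert_name {
    default                                      default;
    ~^(?<label>[a-z0-9-]+)\.sub\.domain\.com$    $label;
}

server {
    listen 443 ssl;
    server_name ~^[a-z0-9-]+\.sub\.domain\.com$;

    # Evaluated once per TLS handshake. Request variables such as
    # $cookie_ident are empty at this point, because the cookie is only
    # sent inside the encrypted connection after the handshake finishes.
    ssl_certificate     /etc/nginx/certs/$cert_name.crt;
    ssl_certificate_key /etc/nginx/certs/$cert_name.key;

    root /upla/http/www.domain.com;

    location / {
        try_files $uri =404;
    }
}
```

With variables in the path the certificate is read from disk on every handshake, which costs performance compared with a static path; in exchange, revoking one subdomain's certificate means replacing or removing that one file pair.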
Subject Author Posted

Dynamic ssl certificate ? (wildcard+ multiple different certs)

Larry January 09, 2014 11:28AM

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

W-Mark Kubacki January 09, 2014 11:42AM

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

Jonathan Matthews January 09, 2014 11:46AM

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

Larry January 09, 2014 02:00PM

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

António P. P. Almeida January 09, 2014 02:52PM

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

Larry January 09, 2014 03:00PM

Re: Dynamic ssl certificate ? (wildcard+ multiple different certs)

Reinis Rozitis January 09, 2014 11:54AM


