> So, what is the workaround I could use to avoid creating one file per new
> (self-signed)certificate issued ?
> I cannot use only one certificate for all since I have to be able to
> revoke the certs with granularity.

If you don't want to use file/certificate per domain but the same time can't
work arround it with a wildcard certificate it (imo) leaves just one
option - to create a certificate including all the exact domains and
whenever there are some changes (expiration or a new domain added)
regenerate the cert.


p.s. you can do something like that even with non self-signed certificates -
for example (while manually) Godaddy lets you add or remove domains to their
"Multiple Domains UCC" certs (up to 100 domains) on the fly (the expiration
of the whole cert remains).

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx