Welcome! Log In Create A New Profile

Advanced

Re: Dynamic/Wildcard SSL certificates with SNI ?

Rainer Duffner
January 15, 2015 03:14PM
> Am 15.01.2015 um 20:50 schrieb Gabriel L. Somlo <gsomlo@gmail.com>:
>
> Hi,
>
> I'm working on a "Web simulator" designed to serve a large number of
> web sites on a private, self-contained network, where I'm also in
> control of issuing SSL certificates.
>
> The relevant bits of my nginx.conf look like this:
>
> server {
> listen 80 default_server;
> server_name $http_host;
> root /var/www/vservers/$http_host;
> index index.html index.htm;
> }
>
> ssl_certificate_key /var/www/vserver_certs/vserver.key;
>
> server {
> listen 443 default_server;
> ssl on;
> ssl_certificate /var/www/vserver_certs/vserver.cer;
> server_name $http_host;
> root /var/www/vservers/$http_host;
> index index_html index.htm;
> }
>
>
> There is no consistency across the set of vserver host names (and
> therefore not much to be gained by using wildcards in the certificate
> common or alt name fields).



Just issue a certificate for *.*.* and always serve that.

At least, until the CAB-forum decides this is a not a good idea and stops browsers from accepting it.
I think the above certificate should still be legal, but I’m not 100% sure.



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Dynamic/Wildcard SSL certificates with SNI ?

Gabriel L. Somlo January 15, 2015 02:52PM

Re: Dynamic/Wildcard SSL certificates with SNI ?

Rainer Duffner January 15, 2015 03:14PM

Re: Dynamic/Wildcard SSL certificates with SNI ?

Gabriel L. Somlo January 16, 2015 11:28AM

RE: Dynamic/Wildcard SSL certificates with SNI ?

Lukas Tribus January 16, 2015 11:36AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 133
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready