> Am 15.01.2015 um 20:50 schrieb Gabriel L. Somlo <gsomlo@gmail.com>:
>
> Hi,
>
> I'm working on a "Web simulator" designed to serve a large number of
> web sites on a private, self-contained network, where I'm also in
> control of issuing SSL certificates.
>
> The relevant bits of my nginx.conf look like this:
>
> server {
> listen 80 default_server;
> server_name $http_host;
> root /var/www/vservers/$http_host;
> index index.html index.htm;
> }
>
> ssl_certificate_key /var/www/vserver_certs/vserver.key;
>
> server {
> listen 443 default_server;
> ssl on;
> ssl_certificate /var/www/vserver_certs/vserver.cer;
> server_name $http_host;
> root /var/www/vservers/$http_host;
> index index_html index.htm;
> }
>
>
> There is no consistency across the set of vserver host names (and
> therefore not much to be gained by using wildcards in the certificate
> common or alt name fields).



Just issue a certificate for *.*.* and always serve that.

At least, until the CAB-forum decides this is a not a good idea and stops browsers from accepting it.
I think the above certificate should still be legal, but I’m not 100% sure.



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx