Re: Dynamic/Wildcard SSL certificates with SNI ?

Gabriel L. Somlo
January 16, 2015 11:28AM
On Thu, 15 Jan 2015 21:13:21, Rainer Duffner wrote:
> > On 15.01.2015 at 20:50, Gabriel L. Somlo <gsomlo@gmail.com> wrote:
> >
> > There is no consistency across the set of vserver host names (and
> > therefore not much to be gained by using wildcards in the certificate
> > common or alt name fields).
>
> Just issue a certificate for *.*.* and always serve that.
>
> At least, until the CAB-forum decides this is not a good idea and
> stops browsers from accepting it.
> I think the above certificate should still be legal, but I'm not 100% sure.

I'm afraid it's already too late for that :(

Since some of my vserver names look like "foo.com" and others like
"foo.bar.org", I already tried (using alt_names):

*.*, *.*.*

and

*.com, *.*.com, *.org, *.*.org, *.net, *.*.net

both forms causing warning popups on any recent (Windows 7-era) browser.

Apparently, the current policy in effect is not to accept TLD-wide
wildcards, much less wildcards across ALL TLDs ([*.]*.*).

Since I'm already mass-scripting the csr generation and cert signing
for each vserver, it should be really simple to script generating the
corresponding nginx config file, but allowing demand-driven, request-time
loading of certificate files would work around that enormous ugliness :)

Thanks,
--Gabriel

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
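
The per-vserver config generation mentioned in the message above could look like the following. This is an added example, not code from the original post or from the nginx project; the certificate directory, the `<name>.crt` / `<name>.key` file naming and all function names are assumptions. Host names are validated before being written into the config, since they come from a list and end up inside nginx directives.

```python
import re

# Assumed layout (not from the original post): one cert/key pair per vserver.
CERT_DIR = "/etc/nginx/ssl"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_hostname(name):
    """Accept only plain multi-label host names (no wildcards, spaces, ';')."""
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def render_vhost(name, cert_dir=CERT_DIR):
    """Return one nginx server block serving `name` with its own certificate."""
    name = name.strip().lower()
    if not valid_hostname(name):
        raise ValueError(f"refusing host name {name!r}")
    return (
        "server {\n"
        "    listen 443 ssl;\n"
        f"    server_name {name};\n"
        f"    ssl_certificate     {cert_dir}/{name}.crt;\n"
        f"    ssl_certificate_key {cert_dir}/{name}.key;\n"
        "}\n"
    )

def render_all(names, cert_dir=CERT_DIR):
    """Render each unique valid name; return (config_text, rejected_names)."""
    blocks, rejected, seen = [], [], set()
    for raw in names:
        key = raw.strip().lower()
        if key in seen:
            continue  # same vserver listed twice (case-insensitive)
        seen.add(key)
        try:
            blocks.append(render_vhost(raw, cert_dir))
        except ValueError:
            rejected.append(raw)
    return "\n".join(blocks), rejected

# Constructed sample input, using the name shapes mentioned in the post.
SAMPLE = ["foo.com", "foo.bar.org", "FOO.com", "*.com", "bad name.org"]

if __name__ == "__main__":
    config, rejected = render_all(SAMPLE)
    print(config)
    print("rejected:", rejected)
```

Running `nginx -t` on the generated file before reloading catches a missing certificate or key file.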