Is it possible? or has it been forbidden in recent versions? Because I
tried
and it does not allow it.
Posted at Nginx Forum:
It is impossible, since the certificate has to be presented to the
client
before the server knows anything about the request.
And is it possible to use different certificates under different
subdomains
having the same tld?
Posted at Nginx Forum:
No I mean like foo.bar.com and fooz.bar.com where each subdomain is
declared
under different server blocks
Posted at Nginx Forum:
On 1 June 2013 17:18, natostanco [email protected] wrote:
No I mean like foo.bar.com and fooz.bar.com where each subdomain is declared
under different server blocks
Yes, that’s how nginx works.
Just use a different server_name and (unless you have a wildcard cert)
a different IP for each server{}.
Jonathan
I can’t use different ips, I tried with the server_names, but the
subdomain
just keeps using the certificate of the tld …
Posted at Nginx Forum:
You mean like foo.com and bar.com?
Of course - just use different server{} blocks with different SSL
certificates on different IPs.
Jonathan
That does not help because following that example I should use:
server {
listen 443 ssl;
server_name www.sub1.example.com;
ssl_certificate www.sub1.example.com.crt;
…
}
server {
listen 443 ssl;
server_name www.example.org;
ssl_certificate www.example.org.crt;
…
}
But the first server declaration does not apply the different
certificate,
instead it applies the certificate of the TLD, so I guess either I can’t
declare a server with server_name equal to a subdomain of an already
declared TLD.
Posted at Nginx Forum:
I read :
“With this configuration a browser receives the default server’s
certificate, i.e. www.example.com regardless of the requested server
name.
This is caused by SSL protocol behaviour. The SSL connection is
established
before the browser sends an HTTP request and nginx does not know the
name
of the requested server. Therefore, it may only offer the default
server’s
certificate.”
Clear enough IMHO…
B. R.
On 1 June 2013 18:32, natostanco [email protected] wrote:
I guess either I can’t
declare a server with server_name equal to a subdomain of an already
declared TLD.
That’s not the case. Nginx can do this just fine.
You’re coming up against the age-old SSL virtual hosting problem,
which is caused by the server’s SSL certificate having to be presented
to the client before the Host header is known. This is a problem for
all HTTP servers, and is the reason why (for most cases) you need
multiple IPs when hosting multiple sites over HTTPS. There are
exceptions to this, and your situation happens to be one of these.
Google “wildcard SSL certificate” to discover the sort of cert you’d
have to buy to take advantage of this.
“SNI” is the long-term fix for this, but as client support for it is
not yet near ubiquitous, it’s probably not applicable to your
situation. If you absolutely control all the clients, it can be an
option.
HTH,
Jonathan
I know I would need a wildcard ssl yet…every application of SNI I have
found uses different TLD, and never only different subdomains…anyway I
have control over all the clients.
Posted at Nginx Forum: