Several ssl certs -> trouble

Hi,

i installed nginx having 5-6 domains set up, each w/ some subdomains,
runs well !

now that i added some ssl-certificates, i noticed, that the server seems
to use the same cert for all 443 serversettings.

example, i have www.domain.tld and sub.domain.tld.
using the www… i get a pass on validation, sub instead, claims that the
cert is for www. only.

now i see, there are different ssl-certs given in config and with
different contents. reading the certdata also displays the sub instead
of www for the 2nd cert.

Since i am completely new to nginx and ssl itself, i wonder 1)how to
solve this or 2) what information i can provide in order to get a
solution for solving this issue.

my structure is:

nginx.conf: include /etc/nginx/sites-and-settings/*;

in sites-and-settings, there's a file for each domain, like
net.domain.www, net.domain.tld and so on.
each containing at least one server { } part, one for :80 and one for
:443.

if anyone cares - or it matters :wink:

Kind Regards so far
inbreed

Posted at Nginx Forum:

Make sure you give the IP address when listening on port 443. (I
believe this is only necessary when you’re using multiple certs on a
single box.) Each SSL cert needs its own IP, until the browser
vendors (IE in specific) support multiple certs being hosted on a
single IP.

www.domain.tld

server {
    listen 1.2.3.4:443;

}

sub.domain.tld

server {
    listen 1.2.3.5:443;

}

This is due to the way the SSL handshake works. The domain isn’t sent
along with the original request – only the IP. So basically the
browser says “show me the certificate for this IP”, at which point the
server doesn’t know what domain the browser is expecting the
certificate to be for. That’s where a domain mismatch certificate
error will show up.

Nick

Can you show your config for www and sub?

thank you so far!

what i forgot to say was, that both domains (sub and www) have their
own IP address. but i will give it a try…

well now, i tried!

still the same behaviour! :confused:


On Thu, Sep 10, 2009 at 10:29:23AM -0400, inbreed wrote:

Since i am completely new to nginx and ssl itself, i wonder 1)how to solve this or 2) what information i can provide in order to get a solution for solving this issue.

my structure is:

nginx.conf: include /etc/nginx/sites-and-settings/*;

in sites-and-settings, there's a file for each domain, like net.domain.www, net.domain.tld and so on.
each containing at least one server { } part, one for :80 and one for :443.

if anyone cares - or it matters :wink:

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

oh i guess i found out what happened!

i assigned some old ips to my domainnames in /etc/hosts… since i used
servername www.foo.bar www; etc, i guess that was the mess!

now it works!

Thanks for your time Nick!

and sorry for this pebcak

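The cause found at the end of this thread, stale /etc/hosts entries pointing a name at the IP of a different 443 server block, can be checked mechanically. The following is an added example, not code from any poster: it cross-checks server_name and listen pairs against a hosts file and reports which certificate would be served at the address the name actually resolves to. The hosts entries and certificate paths are constructed, and it assumes flat server blocks (no nested location) that listen on an explicit IP:443.

```python
import re

# Constructed sample input (not from the thread): IPs follow the reply above,
# certificate paths and hosts entries are assumptions.
NGINX_CONF = """
server { listen 1.2.3.4:443; server_name www.domain.tld www;
         ssl_certificate /etc/nginx/ssl/www.crt; }
server { listen 1.2.3.5:443; server_name sub.domain.tld sub;
         ssl_certificate /etc/nginx/ssl/sub.crt; }
"""
HOSTS = """
1.2.3.4   www.domain.tld www
1.2.3.4   sub.domain.tld sub   # stale entry: nginx serves this name on 1.2.3.5
"""

def parse_servers(conf):
    """Return ip, names and cert for each flat server block listening on IP:443."""
    servers = []
    for body in re.findall(r"server\s*\{([^{}]*)\}", conf):
        listen = re.search(r"listen\s+(\d+\.\d+\.\d+\.\d+):443", body)
        names = re.search(r"server_name\s+([^;]+);", body)
        cert = re.search(r"ssl_certificate\s+([^;]+);", body)
        if listen and names and cert:
            servers.append({"ip": listen.group(1), "names": names.group(1).split(),
                            "cert": cert.group(1).strip()})
    return servers

def parse_hosts(text):
    """Map each hostname to the first address listed for it."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            hosts.setdefault(name, fields[0])
    return hosts

def find_mismatches(conf, hosts_text):
    """List (name, nginx_ip, hosts_ip, cert_served_there) for names that resolve elsewhere."""
    servers, hosts = parse_servers(conf), parse_hosts(hosts_text)
    default_for_ip = {}
    for s in servers:
        default_for_ip.setdefault(s["ip"], s)  # first block on an address is its default
    problems = []
    for s in servers:
        for name in s["names"]:
            ip = hosts.get(name)
            if ip and ip != s["ip"]:
                served = default_for_ip.get(ip)
                problems.append((name, s["ip"], ip, served["cert"] if served else None))
    return problems
```

Calling `find_mismatches(NGINX_CONF, HOSTS)` on the sample reports sub.domain.tld and sub as resolving to 1.2.3.4, where the www certificate is served.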