Multiple certificates in one server block?

Posted by Olaf van der Spek 
Olaf van der Spek
Multiple certificates in one server block?
August 04, 2017 02:50PM
How do I set multiple certificates (for different names) in a single server
block?
I can easily set multiple server_names but there seems to be no way to set
multiple certificates..
Is the only way to have all names in a single certificate? If so, is this an
nginx, an openssl or a TLS limitation?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275855,275855#msg-275855

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Jeff Dyke
Re: Multiple certificates in one server block?
August 04, 2017 03:40PM
I assume you have some sort of UCC certificate, if so you should be able to
use it with multiple server_names, but having multiple ssl_certificates in a
single server block is a limitation of nginx from what I understand. Most
relevant information is here:
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate, as
there are too many questions regarding your certs, if you use SNI etc.

HTH

Olaf van der Spek
Re: Multiple certificates in one server block?
August 04, 2017 03:40PM
I'm using letsencrypt and have multiple certs with a single name in them..
If I had one cert with multiple names we'd not be having this problem.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275855,275858#msg-275858

Jim Ohlstein
Re: Multiple certificates in one server block?
August 04, 2017 03:50PM
Hello,

On 08/04/2017 09:36 AM, Olaf van der Spek wrote:
> I'm using letsencrypt and have multiple certs with a single name in them..
> If I had one cert with multiple names we'd not be having this problem.
>

Letsencrypt allows multiple domain names in the same certificate.

As for nginx, it allows multiple certificate definitions if, say, you have
both an ECDSA certificate and an RSA certificate. The only time I've done
that is when the domain names matched in the two.

--
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com

Jeff Dyke
Re: Multiple certificates in one server block?
August 04, 2017 03:50PM
Jim is correct, letsencrypt supports that ....wow, sorry for trying to
help, that was a bit caustic, that information would be helpful in the
original question. Enjoy the weekend.

Olaf van der Spek
Re: Multiple certificates in one server block?
August 04, 2017 03:50PM
Jim Ohlstein Wrote:
> Letsencrypt allows multiple domain names in the same certificate.

I know, just wondering if nginx supported multiple certs per server.

My problem:
I've got multiple servers and I'd like the servers to be accessible via the
common name (ex.com) and via their dedicated name (a.ex.com, b.ex.com, etc).
How do I do this with letsencrypt?
If I use certbot the verification request might / will be served by another
host and will thus fail.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275855,275860#msg-275860

B.R. via nginx
Re: Multiple certificates in one server block?
August 07, 2017 07:40PM
Jim already replied with his ECDSA+RSA example in a single server block.
You can also serve several names from a single server block.

However, I never tested serving a certificate for several domains all
served by the same virtual server block. I *suppose* nginx might be clever
enough to select the right certificate(s) to serve. Anyone to test that?
Anyway, for that to work, you will need to ensure both ends support SNI
with their TLS library.
First impressions, though: it does not look like an ideal setup to me, as it
most probably will end up in a spaghetti configuration nightmare. It
depends, as always. A long (potentially repetitive), clear (as in 'server
block-complete'), nginx configuration properly managed through
configuration management tools will always appeal the most to me for
debugging purposes.
---
*B. R.*
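
One way to lay out the setup discussed in this thread, as an added example that is not part of any post above: a complete configuration for one host ("a") that serves both its dedicated name and the shared name, combining Jim's ECDSA+RSA case, the server-block-per-name layout B.R. prefers, and a way to keep the certbot validation for the shared name from failing when it lands on the wrong host. The file paths, `snippets/site.conf` and the host `acme-issuer.ex.internal` are assumptions.

```nginx
# Added example for host "a". Paths, snippets/site.conf and the host
# acme-issuer.ex.internal are assumptions, not values from the thread.

# Port 80: answer Let's Encrypt HTTP-01 validation requests.
server {
    listen 80;
    server_name a.ex.com;
    # Only this host answers for a.ex.com, so a local webroot is enough.
    location /.well-known/acme-challenge/ { root /var/www/acme; }
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 80;
    server_name ex.com;
    # ex.com resolves to every host, so the validation request can land on
    # any of them; each one forwards it to the single machine running certbot.
    location /.well-known/acme-challenge/ {
        proxy_pass http://acme-issuer.ex.internal;
        proxy_set_header Host $host;
    }
    location / { return 301 https://$host$request_uri; }
}

# Port 443: one server block per name; nginx selects the block, and with it
# the certificate, from the SNI name in the ClientHello.
server {
    listen 443 ssl;
    server_name a.ex.com;
    ssl_certificate     /etc/letsencrypt/live/a.ex.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/a.ex.com/privkey.pem;
    include snippets/site.conf;  # shared locations, so the blocks stay short
}
server {
    listen 443 ssl;
    server_name ex.com;
    # Several ssl_certificate pairs in one block (nginx 1.11.0+) are chosen by
    # key type, not by host name, so both should cover the same names.
    # The ex.com files are issued on acme-issuer and copied to each host.
    ssl_certificate     /etc/ssl/ex.com/rsa-fullchain.pem;
    ssl_certificate_key /etc/ssl/ex.com/rsa-privkey.pem;
    ssl_certificate     /etc/ssl/ex.com/ecdsa-fullchain.pem;
    ssl_certificate_key /etc/ssl/ex.com/ecdsa-privkey.pem;
    include snippets/site.conf;
}
```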
