Channel: Nginx Forum - How to...

Multi wildcard certificates for multi wildcard domains

Hi all,
This is my environment:
CentOS release 6.4 (Final), nginx-1.8.1-1.el6.ngx.x86_64
[quote]
nginx -V
nginx version: nginx/1.8.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
[/quote]
I have 2 web sites: website1 (multiple subdomains: abc.website1.com, xyz.website1.com) and website2 (single domain: website2.com). This is the nginx configuration:
[quote]
server {
    # website1 redirect http to https
    listen ip:80;
    server_name *.website1.com;
    return 301 https://$host$request_uri;
}

server {
    # website2 redirect http to https
    listen ip:80;
    server_name website2.com;
    return 301 https://$host$request_uri;
}

server {
    listen ip:443 ssl;
    ssl_certificate path-to-website1-wildcard-certificate-file;
    ssl_certificate_key path-to-website1-privatekey-file;
    ssl_session_cache shared:SSL:10m;
    server_name *.website1.com;
    ...
}

server {
    listen ip:443 ssl;
    ssl_certificate path-to-website2-single-domain-certificate-file;
    ssl_certificate_key path-to-website2-privatekey-file;
    ssl_session_cache shared:SSL:10m;
    server_name website2.com;
    ...
}
[/quote]
Everything works fine. Now I have purchased a wildcard certificate for website2, so I changed the configuration:
[quote]
server {
    # website1 redirect http to https
    listen ip:80;
    server_name *.website1.com;
    return 301 https://$host$request_uri;
}

server {
    # website2 redirect http to https
    listen ip:80;
    server_name *.website2.com;
    return 301 https://$host$request_uri;
}

server {
    listen ip:443 ssl;
    ssl_certificate path-to-website1-wildcard-certificate-file;
    ssl_certificate_key path-to-website1-privatekey-file;
    ssl_session_cache shared:SSL:10m;
    server_name *.website1.com;
    ...
}

server {
    listen ip:443 ssl;
    ssl_certificate path-to-website2-wildcard-certificate-file;
    ssl_certificate_key path-to-website2-privatekey-file;
    ssl_session_cache shared:SSL:10m;
    server_name *.website2.com;
    ...
}
[/quote]
After reload, I can access https://website1.com successfully, but when I access https://website2.com I get an error about the certificate pointing to the wrong domain. I added an exception and found out that nginx uses the website1 wildcard certificate for website2 requests/responses.
I don't understand why nginx doesn't handle 2 different wildcard certificates for 2 different wildcard domains. Is this normal? Or did I do something wrong?
Now I have to change the website2 configuration to:
[quote]
server {
    # website2 redirect http to https
    listen ip:80;
    server_name website2.com abc.website2.com xyz.website2.com;
    return 301 https://$host$request_uri;
}

server {
    listen ip:443 ssl;
    ssl_certificate path-to-website2-wildcard-certificate-file;
    ssl_certificate_key path-to-website2-privatekey-file;
    ssl_session_cache shared:SSL:10m;
    server_name website2.com abc.website2.com xyz.website2.com;
    ...
}
[/quote]
to work around the problem temporarily.
Can anyone give me some advice? Thank you very much.
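
An added example, not part of the original post: in nginx, `*.website2.com` matches only subdomains, and a request for a name that matches no server block on a listen socket is handled by that socket's default server (the first one defined unless `default_server` is set), so the bare `website2.com` is served by the website1 block and its certificate. The configuration below keeps the post's placeholders and assumes the purchased wildcard certificate also covers the bare name `website2.com`.

```nginx
# Before (from the post): this pattern does not match the bare domain,
# so https://website2.com is answered by the default server for ip:443,
# i.e. the first block defined there (website1) with website1's certificate.
#     server_name *.website2.com;

server {
    # website2: redirect http to https
    listen ip:80;
    server_name website2.com *.website2.com;
    return 301 https://$host$request_uri;
}

server {
    listen ip:443 ssl;
    ssl_certificate     path-to-website2-wildcard-certificate-file;
    ssl_certificate_key path-to-website2-privatekey-file;
    ssl_session_cache   shared:SSL:10m;

    # Exact name plus wildcard name. The special form ".website2.com"
    # is equivalent and matches both.
    server_name website2.com *.website2.com;

    # Assumption: the certificate's subjectAltName lists website2.com as
    # well as *.website2.com. A wildcard entry alone does not cover the
    # bare domain, and clients would still report a name mismatch.

    # ... rest of the site configuration as in the post
}
```

After a reload, `openssl s_client -connect <ip>:443 -servername website2.com` shows which certificate is presented for that name.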
