Nginx 0.7.65 + OpenSSL 0.9.8k = SNI support?

Question

Nginx 0.7.65 + OpenSSL 0.9.8k = SNI support?

general

forum:bitinn 14 years, 3 months ago

Hi guys,

I have been wondering, does the following setting support SNI (Server Name Indication) ?

Nginx 0.7.65

OpenSSL 0.9.8k

nginx -V: indicates it has SNI enabled.

openssl version -a: I don't know which parameter to check, but I am pretty sure openssl 0.9.8j+ has SNI support compiled by default.

but when I try to add different SSL certificates, only one certificate is passed for all vhosts (ie. different domains), which of course produce certificate mis-match error.

I use Firefox 3.6.3, which should support SNI natively.

I have also done the same thing with apache2 before, which works on firefox.

I have no idea what I am missing from nginx vhost conf. file.

listen 443;

ssl on;

ssl_certificate /etc/nginx/ssl/www.domain.tld.crt;

sslcertificatekey /etc/nginx/ssl/www.domain.tld.key;

Any ideas?

1 Reply

forum:bitinn · Answer 1 · June 7, 2010, 12:54 p.m.

forum:bitinn 14 years, 3 months ago

just a quick update for ppl interested:

It does work! With default package! No compile headache!

though you should make sure you have correct setting for each vhost (ie. server {…} in nginx)

ref: http://wiki.nginx.org/NginxHttpSslModule

Compute

Storage

Databases

Networking

Developer Tools

Delivery

Security

Services

Industries

Pricing

Community

Engage With Us

Nginx 0.7.65 + OpenSSL 0.9.8k = SNI support?

1 Reply

Reply

Tips: