Answer the question
In order to leave comments, you need to log in
E
E
Erelecano Oioraen2016-10-11 23:27:10
Erelecano Oioraen, 2016-10-11 23:27:10
Different certificates for different UAs on nginx. Is it possible to?
I wanted something weird. I want one UA to receive a certificate from LetsEncrypt, and another from StartSSL, I tried it head-on through if ($http_user_agent), nginx looked at me with square eyes and asked if I had fallen from a mighty oak. In the sense of the [emerg] "ssl_certificate" directive is not allowed here.
Is it possible, in principle, my strange desire, or do I need to see a doctor with such ideas?
UPD: I realized that first the connection is established and the certificate is transferred, and therefore it is impossible in its pure form. Can anyone offer their own solutions to such a strange desire?
1 answer(s)
@alsopub
A
Alexey, 2016-10-12 @alsopub
This is not possible with classic SSL, since one certificate is placed on one ip + port pair and the certificate is applied before any headers are transmitted.
Within the framework of SNI, it seems to me that this is also impossible, because if I understand correctly, this is about the same, only when a connection is established, the host name is specified.
What options do I see - two hosts www1.site.ru and www2.site.ru with different certificates (SNI or two IPs) and a redirect from www.site.ru (as well as from www1 and www2) depending on the user_agent.
Similar questions
E
D
D
S
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question