Multiple SSLs on the same domain?

D

De YURII2018-04-10 22:36:29

Digital certificates

De YURII, 2018-04-10 22:36:29

Is it possible to "push" several certificates into one file on nginx?
What's the point of this?
I have 2 domains, sub1.example.com and sub2.example.com, they used to work separately, now one example.com domain is responsible for 2 subdomains (in other words: 2 subdomains are generated dynamically). I have 2 certificates for them, for these domains, the question is: do I need to buy WILD or can 2 certificates be registered in one on the main domain example.com?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

K

ky0, 2018-04-10
@ky0

There are certificates issued for several domain names (the same LE can do this).
You can "push" several certificates into one file, but this is done to provide the next certificates in the chain of trust, and not additional certificates for other domains.
The fact that you have something dynamically generated does not change the essence of the matter - the domain name in the certificate must match the one opened in the browser, otherwise you will get an error.

K

key don, 2018-04-10
@keydon2

Or give different certificates (SNI) to different domains.
Or there must be one certificate for several listed domains / wildcard.

C

CityCat4, 2018-04-11
@CityCat4

One certificate can certify several different names. This is called SAN - Subject Alternative Name and they are set when creating a certificate request. You cannot change anything in the certificate. It makes no sense to combine two certificates into one file in your case - they are combined when it is necessary that in order to check the correctness of the certificate in one file there is a certificate and all certificates of the CA that issued it up to the root.
I don’t know how LE does it, but in ordinary CAs it is indicated that the certificate supports SAN, and in your own CA it is clear that you yourself return what you want.