1

我在 nginx 下有一个以这种方式配置的站点(一个 IP 上的两个域):

server {
  listen   443;

  ssl on;
  ssl_certificate /etc/ssl/certs/oldsite.com.pem;
  ssl_certificate_key /etc/ssl/private/oldsite.com.ca.key;

  server_name oldsite.ca;

  rewrite ^(.*) https://newsite.com$1 permanent;
}

server {
  listen   443;

  ssl on;
  ssl_certificate /etc/ssl/certs/newsite.com.pem;
  ssl_certificate_key /etc/ssl/private/newsite.com.ca.key;

  server_name newsite.com

  ...
}

出于某种原因,IE(尝试使用 IE9)只看到配置的第一个证书,所以如果我转到https://newsite.com,我会收到带有 oldsite.com 证书的证书无效消息。如果我更改服务器块的顺序,https: //newsite.com 工作正常,但重定向(重写)没有(现在它只看到 newsite.com 证书,所以它当然抱怨它在点击时无效oldsite.com)。

任何想法,为什么(除了只是 IE)它看不到各自域的两个证书?

4

1 回答 1

3

You're visibly trying to use Server Name Indication, to be able to use multiple certificates on the same IP address/port combination. You should check that your version of nginx supports it (as described in the documentation).

This should be supported by IE 9 on Windows Vista and 7, but it's not supported on any version of IE on XP.

于 2012-07-20T16:23:03.860 回答