I have an nginx Docker image with which I will be spinning up multiple servers on different IPs. But the targeted clients making calls to these servers would always be just two. I am trying out SSL to enable security for my server.
To try SSL locally, I created a self-signed certificate with my local IP 127.0.0.1 and configured that in my nginx.config. I used the generated certificate in my Python request to my server as below and I was able to get the right response.
resp = requests.get(uri, verify='newserv.crt')
I generated the key using the command below:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout newserv.key -out newserv.crt -config ssl_config.cnf
The ssl_config content looks like this:
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = NginxProxy
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
I have a script within nginx to update the ssl_config for each IP that it gets hosted on, so the ssl_config would then look like below:
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = NginxProxy
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = "hostedIP"
and the script would handle generating the certificate with the latest ssl_config.
Is there a way I could have the client authenticate all these servers using one generic certificate, so that I don't need to make any change on the client side every time I have a new server deployed with a new IP?
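One common way to get this, shown as an added example that is not part of the original question: create a private CA once, sign each per-IP server certificate with it, and have the client trust only the CA certificate. The file names, the CA common name, the function names and the documentation-range IP are assumptions.

```shell
# Added example: private CA plus one leaf certificate per server IP.
set -e

# make_ca DIR: create the CA key and self-signed CA certificate once.
make_ca() {
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
organizationName = NginxProxy
commonName = NginxProxy Example CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR IP: key and CSR for one server, signed by the CA, SAN = IP.
issue_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
organizationName = NginxProxy
commonName = $2
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = IP:$2
EOF
    openssl req -new -nodes -newkey rsa:2048 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/$2.cnf" -extensions v3_req \
        -out "$1/$2.crt" 2>/dev/null
}

# check_cert CAFILE CERT IP: the client-side check (chain to CA + IP in SAN).
check_cert() {
    openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

d=$(mktemp -d); make_ca "$d"; issue_cert "$d" 192.0.2.10  # constructed IP
check_cert "$d/ca.crt" "$d/192.0.2.10.crt" 192.0.2.10 && echo "trusted via ca.crt"
```

With this layout the client call becomes `requests.get(uri, verify='ca.crt')` and stays the same for every newly deployed IP. Anyone holding `ca.key` can mint a certificate the clients will accept, so signing is better done outside the nginx containers, with only the per-IP key and certificate shipped to each server.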