We have a SSL offloader (nginx) with different certificates for different machines and subdomains. It encrypts and redirects all the traffic to the corresponding machines.
It works OK with all browsers I've tryed (IE10, Firefox, Safari, Chrome), but IE8 says that the certificate is not valid because it is signed for a different machine.
Explanation: We only have one public IP so we have different subdomains all pointing to the SSL offloader machine. And SSL offloader redirects and encrypts the traffic to different machines in the local network depending on the URL the user asks.
The problem is that IE8 takes the first subdomain alphabetically, so if you ask for other than first one, it says the certificate isn't valid because de fqdn doesn't match.
Thanks in advance.
Best Answer
In order to have multiple certificates on one IP, you must be using SNI (Server Name Indication).
Internet Explorer 8 does not support SNI. Neither does Android 2.x.
If you have to support IE8, you'll need either a single multi-domain certificate (sometimes called UCC) or different IPs per cert.