How and where to terminate 15,000+ certificates?

Hello All,

I get new domains added/removed to my platform every day, so I need to be able to terminate those SSLs properly. I have generated 15,000+ certificates and I use nginx to terminate them.

The issue that I am having is: when I get a new certificate, it takes 2-3 minutes to reload nginx. When the server is under high load, it takes much more than that.

Running nginx reload multiple times has some side effects as well, so I was wondering what the best way to terminate a lot of SSL certs is. HAProxy? Nginx? Something else?

Any advice is appreciated.

This might help - https://github.com/openresty/lua-nginx-module/#ssl_certificate_by_lua_block

For web servers serving many (like millions of) https sites, it is often desired to lazily load and cache the SSL certificate chain and private key data for the https sites actually being served by a particular server. This Lua module provides API to support such use cases in the context of the ssl_certificate_by_lua* directive.

3 Likes
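A sketch of the lazy-loading approach the linked module describes, added here as an example; it is not from the thread or from the lua-nginx-module project. It assumes OpenResty with lua-resty-core and lua-resty-lrucache, and the certificate directory layout, cache size and TTL are hypothetical.

```nginx
# Constructed example for the http {} block; paths, cache size and TTL are assumptions.
init_by_lua_block {
    -- Global set at startup; each worker gets its own copy after fork.
    cert_cache = require("resty.lrucache").new(20000)
}

server {
    listen 443 ssl;
    server_name _;

    # A static pair is still required; it is served when no SNI is sent
    # or when the handler below returns without setting a certificate.
    ssl_certificate     /etc/nginx/certs/default/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/default/privkey.pem;

    ssl_certificate_by_lua_block {
        local ssl = require "ngx.ssl"
        local function read_file(path)
            local f = io.open(path, "rb")
            if not f then return nil end
            local data = f:read("*a")
            f:close()
            return data
        end

        local name = ssl.server_name()
        if not name then return end
        name = name:lower()
        -- SNI is client-controlled: accept hostname characters only before building a path.
        if name:len() > 253 or not name:find("^[a-z0-9][a-z0-9.%-]*$") then
            return
        end

        local pair = cert_cache:get(name)
        if not pair then
            local dir = "/etc/nginx/certs/" .. name
            local chain_pem = read_file(dir .. "/fullchain.pem")
            local key_pem = read_file(dir .. "/privkey.pem")
            if not (chain_pem and key_pem) then return end
            local chain = ssl.parse_pem_cert(chain_pem)
            local key = ssl.parse_pem_priv_key(key_pem)
            if not (chain and key) then return end
            pair = { chain = chain, key = key }
            cert_cache:set(name, pair, 3600)  -- re-read from disk after an hour
        end

        local ok = ssl.clear_certs() and ssl.set_cert(pair.chain) and ssl.set_priv_key(pair.key)
        if not ok then
            ngx.log(ngx.ERR, "failed to set certificate for ", name)
            return ngx.exit(ngx.ERROR)
        end
    }
}
```

With this layout a new domain only needs its files written to disk, with no reload, and a renewed certificate is picked up once the cached entry expires. The file reads block the worker briefly on a cache miss, so the cache should be sized to hold the domains a server actually serves.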
