Challenge - 5 Problems

🎖️

SNI Mastery Badge

Get all challenges correct to earn this badge!

Test your skills under time pressure!

💻 Command Output

intermediate

2:00remaining

Nginx SNI Configuration Output

Given the following Nginx server block configuration for two domains using SNI, what will be the output of curl -v https://site1.example.com assuming both certificates are valid and correctly installed?

Nginx

server {
    listen 443 ssl;
    server_name site1.example.com;
    ssl_certificate /etc/nginx/ssl/site1.crt;
    ssl_certificate_key /etc/nginx/ssl/site1.key;
}

server {
    listen 443 ssl;
    server_name site2.example.com;
    ssl_certificate /etc/nginx/ssl/site2.crt;
    ssl_certificate_key /etc/nginx/ssl/site2.key;
}

ASSL connection established with certificate for site2.example.com

BSSL connection established with certificate for site1.example.com

CSSL handshake fails with certificate mismatch error

DNginx returns 404 Not Found error

Attempts:

2 left

❓ Configuration

intermediate

2:00remaining

Correct Nginx SNI Server Block for Multiple Domains

Which of the following Nginx server block configurations correctly enables SNI for two domains with separate SSL certificates on the same IP and port?

server {
    listen 443;
    server_name domain1.com;
    ssl_certificate /etc/ssl/domain1.crt;
    ssl_certificate_key /etc/ssl/domain1.key;
}
server {
    listen 443;
    server_name domain2.com;
    ssl_certificate /etc/ssl/domain2.crt;
    ssl_certificate_key /etc/ssl/domain2.key;
}

server {
    listen 443 ssl;
    server_name domain1.com domain2.com;
    ssl_certificate /etc/ssl/domain1.crt;
    ssl_certificate_key /etc/ssl/domain1.key;
}

server {
    listen 443 ssl;
    server_name domain1.com;
    ssl_certificate /etc/ssl/domain1.crt;
    ssl_certificate_key /etc/ssl/domain1.key;
}
server {
    listen 443 ssl;
    server_name domain2.com;
    ssl_certificate /etc/ssl/domain2.crt;
    ssl_certificate_key /etc/ssl/domain2.key;
}

server {
    listen 443 ssl;
    server_name domain1.com;
    ssl_certificate /etc/ssl/domain2.crt;
    ssl_certificate_key /etc/ssl/domain2.key;
}
server {
    listen 443 ssl;
    server_name domain2.com;
    ssl_certificate /etc/ssl/domain1.crt;
    ssl_certificate_key /etc/ssl/domain1.key;
}

Attempts:

2 left

❓ Troubleshoot

advanced

2:00remaining

Diagnosing SSL Certificate Mismatch with SNI

A user reports that when accessing https://example.com, the browser shows a certificate warning for a different domain. The Nginx config has multiple server blocks with SSL certificates for different domains. What is the most likely cause?

AThe SSL certificates are expired and causing the mismatch warning.

BThe DNS for example.com is pointing to the wrong IP address.

CThe listen directive is missing 'ssl' in the server block for example.com.

DThe default server block is serving a certificate that does not match example.com because no server block matches example.com explicitly.

Attempts:

2 left

🔀 Workflow

advanced

2:00remaining

Steps to Enable SNI for Multiple SSL Sites on Nginx

What is the correct order of steps to enable SNI for multiple SSL sites on a single Nginx server?

A1,2,3,4

B3,1,2,4

C1,3,2,4

D2,1,3,4

Attempts:

2 left

✅ Best Practice

expert

2:00remaining

Best Practice for Managing Multiple SSL Certificates with SNI

Which practice is best to ensure smooth management and security when using SNI with multiple SSL certificates on Nginx?

AStore SSL certificates and keys in a dedicated, secure directory with proper permissions and automate renewal with tools like Certbot.

BUse a single wildcard certificate for all domains to simplify configuration.

CDisable SNI and use IP-based SSL to avoid certificate mismatches.

DCombine all domain certificates into one file and reference it in all server blocks.

Attempts:

2 left