We use nginx for SSL termination and rotate ssl certificate yearly. But whenever we rotate we send notification to user about date and time when we are going to apply the change and they have to make changes on their end at same time. There are few enterprise tools which few customers use, and they need same certificate loaded in their trust store.
So I wanted to check if there is any way to deploy two certificates on one domain temporarily like for a week. For that period both the certificate works, so customers can move to newer certificate over that period. May be some kind of certificate chaining or something which can help us solve this problem.
PS: I am sorry if sounds too stupid, just want to listen others view on this problem.