Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 593:130fad6dc1b4
Replaced the uses of "url" element with "literal".
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 19 Jul 2012 05:17:45 +0000 |
parents | 764fbac1b8b4 |
children | bd81a71006fe |
comparison
equal
deleted
inserted
replaced
592:d40371689c1c | 593:130fad6dc1b4 |
---|---|
202 /CN=http://www.valicert.com//emailAddress=info@valicert.com | 202 /CN=http://www.valicert.com//emailAddress=info@valicert.com |
203 ... | 203 ... |
204 </programlisting> | 204 </programlisting> |
205 | 205 |
206 In this example the subject (“<i>s</i>”) of the | 206 In this example the subject (“<i>s</i>”) of the |
207 <url>www.GoDaddy.com</url> server certificate #0 is signed by an issuer | 207 <literal>www.GoDaddy.com</literal> server certificate #0 is signed by an issuer |
208 (“<i>i</i>”) which itself is the subject of the certificate #1, | 208 (“<i>i</i>”) which itself is the subject of the certificate #1, |
209 which is signed by an issuer which itself is the subject of the certificate #2, | 209 which is signed by an issuer which itself is the subject of the certificate #2, |
210 which signed by the well-known issuer <i>ValiCert, Inc.</i> | 210 which signed by the well-known issuer <i>ValiCert, Inc.</i> |
211 whose certificate is stored in the browsers’ built-in | 211 whose certificate is stored in the browsers’ built-in |
212 certificate base (that lay in the house that Jack built). | 212 certificate base (that lay in the house that Jack built). |
279 ... | 279 ... |
280 } | 280 } |
281 </programlisting> | 281 </programlisting> |
282 | 282 |
283 With this configuration a browser receives the certificate of the default | 283 With this configuration a browser receives the certificate of the default |
284 server, i.e., <url>www.example.com</url> regardless of the requested server name. | 284 server, i.e., <literal>www.example.com</literal> regardless of the requested server name. |
285 This is caused by SSL protocol behaviour. The SSL connection is established | 285 This is caused by SSL protocol behaviour. The SSL connection is established |
286 before the browser sends an HTTP request and nginx does not know | 286 before the browser sends an HTTP request and nginx does not know |
287 the name of the requested server. Therefore, it may only offer the certificate | 287 the name of the requested server. Therefore, it may only offer the certificate |
288 of the default server. | 288 of the default server. |
289 </para> | 289 </para> |
319 | 319 |
320 <para> | 320 <para> |
321 There are other ways to share a single IP address between several | 321 There are other ways to share a single IP address between several |
322 HTTPS servers, however, all of them have drawbacks. | 322 HTTPS servers, however, all of them have drawbacks. |
323 One way is to use a certificate with several names in | 323 One way is to use a certificate with several names in |
324 the SubjectAltName certificate field, for example, <url>www.example.com</url> | 324 the SubjectAltName certificate field, for example, <literal>www.example.com</literal> |
325 and <url>www.example.org</url>. | 325 and <literal>www.example.org</literal>. |
326 However, the SubjectAltName field length is limited. | 326 However, the SubjectAltName field length is limited. |
327 </para> | 327 </para> |
328 | 328 |
329 <para> | 329 <para> |
330 Another way is to use a certificate with a wildcard name, for example, | 330 Another way is to use a certificate with a wildcard name, for example, |
331 <url>*.example.org</url>. This certificate matches | 331 <literal>*.example.org</literal>. This certificate matches |
332 <url>www.example.org</url>, but does not match <url>example.org</url> | 332 <literal>www.example.org</literal>, but does not match <literal>example.org</literal> |
333 and <url>www.sub.example.org</url>. These two methods can also be combined. | 333 and <literal>www.sub.example.org</literal>. These two methods can also be combined. |
334 A certificate may contain exact and wildcard names in the SubjectAltName field, | 334 A certificate may contain exact and wildcard names in the SubjectAltName field, |
335 for example, <url>example.org</url> and <url>*.example.org</url>. | 335 for example, <literal>example.org</literal> and <literal>*.example.org</literal>. |
336 </para> | 336 </para> |
337 | 337 |
338 <para> | 338 <para> |
339 It is better to place a certificate file with several names and | 339 It is better to place a certificate file with several names and |
340 its private key file at the <i>http</i> level of configuration | 340 its private key file at the <i>http</i> level of configuration |