Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 712:2c9e8facc761
Resolved ambiguity regarding lists of certificates and fixed links.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Tue, 09 Oct 2012 12:17:26 +0000 |
parents | 3880034cc90c |
children | 3f25469cbc49 |
comparison
equal
deleted
inserted
replaced
711:1f383a8bccdb | 712:2c9e8facc761 |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="2"> | 13 rev="3"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
195 <default/> | 195 <default/> |
196 <context>http</context> | 196 <context>http</context> |
197 <context>server</context> | 197 <context>server</context> |
198 | 198 |
199 <para> | 199 <para> |
200 Specifies a file with a list of CA certificates in the PEM format | 200 Specifies a file with trusted CA certificates in the PEM format |
201 used to verify client certificates and | 201 used to verify client certificates and |
202 OCSP responses if <link id="ssl_stapling"/> is enabled. | 202 OCSP responses if <link id="ssl_stapling"/> is enabled. |
203 </para> | 203 </para> |
204 | 204 |
205 <para> | 205 <para> |
374 </para> | 374 </para> |
375 | 375 |
376 <para> | 376 <para> |
377 For the OCSP stapling to work, the certificate of the issuer of the server | 377 For the OCSP stapling to work, the certificate of the issuer of the server |
378 certificate should be known. | 378 certificate should be known. |
379 If the <link id="ssl_certificate">ssl_certificate</link> file does | 379 If the <link id="ssl_certificate"/> file does |
380 not contain intermediate certificates, | 380 not contain intermediate certificates, |
381 the certificate of the issuer of the server certificate should be | 381 the certificate of the issuer of the server certificate should be |
382 present in the | 382 present in the |
383 <link id="ssl_trusted_certificate">ssl_trusted_certificate</link> file. | 383 <link id="ssl_trusted_certificate"/> file. |
384 </para> | 384 </para> |
385 | 385 |
386 <para> | 386 <para> |
387 The <link doc="ngx_http_core_module.xml" id="resolver"/> directive | 387 The <link doc="ngx_http_core_module.xml" id="resolver"/> directive |
388 should also be specified to allow for a resolution | 388 should also be specified to allow for a resolution |
463 <context>http</context> | 463 <context>http</context> |
464 <context>server</context> | 464 <context>server</context> |
465 <appeared-in>1.3.7</appeared-in> | 465 <appeared-in>1.3.7</appeared-in> |
466 | 466 |
467 <para> | 467 <para> |
468 Specifies a file with a list of CA certificates in the PEM format | 468 Specifies a file with trusted CA certificates in the PEM format |
469 used to verify client certificates and | 469 used to verify client certificates and |
470 OCSP responses if <link id="ssl_stapling"/> is enabled. | 470 OCSP responses if <link id="ssl_stapling"/> is enabled. |
471 </para> | 471 </para> |
472 | 472 |
473 <para> | 473 <para> |
474 In contrast to <link id="ssl_client_certificate"/>, these certificates | 474 In contrast to <link id="ssl_client_certificate"/>, the list of these |
475 will not be sent to clients. | 475 certificates will not be sent to clients. |
476 </para> | 476 </para> |
477 | 477 |
478 </directive> | 478 </directive> |
479 | 479 |
480 | 480 |