Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 1726:a0bc284941f6
Documented multiple certificates support.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 07 Jun 2016 19:00:50 +0300 |
| parents | 67b5aac350e4 |
| children | 3fa0944ddc6a |
comparison
equal
deleted
inserted
replaced
| 1725:67b5aac350e4 | 1726:a0bc284941f6 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
| 11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="22"> | 13 rev="23"> |
| 14 | 14 |
| 15 <section id="summary"> | 15 <section id="summary"> |
| 16 | 16 |
| 17 <para> | 17 <para> |
| 18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
| 141 for the given virtual server. | 141 for the given virtual server. |
| 142 If intermediate certificates should be specified in addition to a primary | 142 If intermediate certificates should be specified in addition to a primary |
| 143 certificate, they should be specified in the same file in the following | 143 certificate, they should be specified in the same file in the following |
| 144 order: the primary certificate comes first, then the intermediate certificates. | 144 order: the primary certificate comes first, then the intermediate certificates. |
| 145 A secret key in the PEM format may be placed in the same file. | 145 A secret key in the PEM format may be placed in the same file. |
| 146 </para> | |
| 147 | |
| 148 <para> | |
| 149 Since version 1.11.0, | |
| 150 this directive can be specified multiple times | |
| 151 to load certificates of different types, for example, RSA and ECDSA: | |
| 152 <example> | |
| 153 server { | |
| 154 listen 443 ssl; | |
| 155 server_name example.com; | |
| 156 | |
| 157 ssl_certificate example.com.rsa.crt; | |
| 158 ssl_certificate_key example.com.rsa.key; | |
| 159 | |
| 160 ssl_certificate example.com.ecdsa.crt; | |
| 161 ssl_certificate_key example.com.ecdsa.key; | |
| 162 | |
| 163 ... | |
| 164 } | |
| 165 </example> | |
| 166 <note> | |
| 167 Only OpenSSL 1.0.2 or higher supports separate | |
| 168 <link doc="configuring_https_servers.xml" id="chains">certificate chains</link> | |
| 169 for different certificates. | |
| 170 With older versions, only one certificate chain can be used. | |
| 171 </note> | |
| 146 </para> | 172 </para> |
| 147 | 173 |
| 148 <para> | 174 <para> |
| 149 It should be kept in mind that due to the HTTPS protocol limitations | 175 It should be kept in mind that due to the HTTPS protocol limitations |
| 150 virtual servers should listen on different IP addresses: | 176 virtual servers should listen on different IP addresses: |