2018-11-25 19:13:33 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
# | Certificate files |
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
2019-05-15 18:38:05 +02:00
|
|
|
# This default SSL certificate will be served whenever the client lacks support
|
|
|
|
|
# for SNI (Server Name Indication).
|
2018-11-25 19:13:33 +01:00
|
|
|
# Make it a symlink to the most important certificate you have, so that
|
|
|
|
|
# users of IE 8 and below on WinXP can see your main site without SSL errors.
|
|
|
|
|
#
|
|
|
|
|
# (1) Certificate and key files location
|
2020-12-29 19:20:35 +01:00
|
|
|
# The certificate file can contain an intermediate certificate.
|
2018-11-25 19:13:33 +01:00
|
|
|
#
|
|
|
|
|
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
|
|
|
|
|
#
|
|
|
|
|
# (2) Intermediate certificate location if loaded certificate (1) does not
|
2019-05-14 19:02:21 +02:00
|
|
|
# contain intermediate certificate when enabling OCSP stapling.
|
2018-11-25 19:13:33 +01:00
|
|
|
#
|
|
|
|
|
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
|
|
|
|
|
#
|
2020-12-29 19:20:35 +01:00
|
|
|
# (3) CA certificate file location for client certificate authentication.
|
2018-11-25 19:13:33 +01:00
|
|
|
#
|
|
|
|
|
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate
|
|
|
|
|
|
|
|
|
|
# (1)
|
2019-02-10 22:13:25 +01:00
|
|
|
ssl_certificate /etc/nginx/certs/default.crt;
|
|
|
|
|
ssl_certificate_key /etc/nginx/certs/default.key;
|
2018-11-25 19:13:33 +01:00
|
|
|
|
|
|
|
|
# (2)
|
|
|
|
|
# ssl_trusted_certificate /path/to/ca.crt;
|
|
|
|
|
|
|
|
|
|
# (3)
|
|
|
|
|
# ssl_client_certificate /etc/nginx/default_ssl.crt;
|
