From 5b798dda777049c2be0fc330042c667a21f5c405 Mon Sep 17 00:00:00 2001
From: Aitte <aitte@server.fake>
Date: Sun, 24 Feb 2013 16:02:26 -0500
Subject: [PATCH] nginx.conf: Add support for default SSL certificate served to
 clients with old browsers

---
 nginx/nginx.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index c6b97bf..5c6e58c 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -103,5 +103,10 @@ http {
   ssl_session_cache    shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
   ssl_session_timeout  10m;
 
+  # This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
+  # Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
+  #ssl_certificate      /etc/nginx/default_ssl.crt;
+  #ssl_certificate_key  /etc/nginx/default_ssl.key;
+
   include sites-enabled/*;
 }