# ----------------------------------------------------------------------
# | Certificate files                                                  |
# ----------------------------------------------------------------------

# This default SSL certificate will be served whenever the client lacks support
# for SNI (Server Name Indication).
# Make it a symlink to the most important certificate you have, so that
# users of IE 8 and below on WinXP can see your main site without SSL errors.
#
# (1) Certificate and key files location
#     The certificate file can contain intermediate certificate.
#
#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
#
# (2) Intermediate certificate location if loaded certificate (1) does not
#     contain intermediate certificate when enabling OCSP stapling.
#
#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
#
# (3) CA certificate file location for client certificate authentication
#
#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate

# (1)
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;

# (2)
# ssl_trusted_certificate /path/to/ca.crt;

# (3)
# ssl_client_certificate /etc/nginx/default_ssl.crt;