Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 712:2c9e8facc761
Resolved ambiguity regarding lists of certificates and fixed links.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Tue, 09 Oct 2012 12:17:26 +0000 |
| parents | 3880034cc90c |
| children | 3f25469cbc49 |
comparison
equal
deleted
inserted
replaced
| 711:1f383a8bccdb | 712:2c9e8facc761 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
| 11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="2"> | 13 rev="3"> |
| 14 | 14 |
| 15 <section id="summary"> | 15 <section id="summary"> |
| 16 | 16 |
| 17 <para> | 17 <para> |
| 18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
| 195 <default/> | 195 <default/> |
| 196 <context>http</context> | 196 <context>http</context> |
| 197 <context>server</context> | 197 <context>server</context> |
| 198 | 198 |
| 199 <para> | 199 <para> |
| 200 Specifies a file with a list of CA certificates in the PEM format | 200 Specifies a file with trusted CA certificates in the PEM format |
| 201 used to verify client certificates and | 201 used to verify client certificates and |
| 202 OCSP responses if <link id="ssl_stapling"/> is enabled. | 202 OCSP responses if <link id="ssl_stapling"/> is enabled. |
| 203 </para> | 203 </para> |
| 204 | 204 |
| 205 <para> | 205 <para> |
| 374 </para> | 374 </para> |
| 375 | 375 |
| 376 <para> | 376 <para> |
| 377 For the OCSP stapling to work, the certificate of the issuer of the server | 377 For the OCSP stapling to work, the certificate of the issuer of the server |
| 378 certificate should be known. | 378 certificate should be known. |
| 379 If the <link id="ssl_certificate">ssl_certificate</link> file does | 379 If the <link id="ssl_certificate"/> file does |
| 380 not contain intermediate certificates, | 380 not contain intermediate certificates, |
| 381 the certificate of the issuer of the server certificate should be | 381 the certificate of the issuer of the server certificate should be |
| 382 present in the | 382 present in the |
| 383 <link id="ssl_trusted_certificate">ssl_trusted_certificate</link> file. | 383 <link id="ssl_trusted_certificate"/> file. |
| 384 </para> | 384 </para> |
| 385 | 385 |
| 386 <para> | 386 <para> |
| 387 The <link doc="ngx_http_core_module.xml" id="resolver"/> directive | 387 The <link doc="ngx_http_core_module.xml" id="resolver"/> directive |
| 388 should also be specified to allow for a resolution | 388 should also be specified to allow for a resolution |
| 463 <context>http</context> | 463 <context>http</context> |
| 464 <context>server</context> | 464 <context>server</context> |
| 465 <appeared-in>1.3.7</appeared-in> | 465 <appeared-in>1.3.7</appeared-in> |
| 466 | 466 |
| 467 <para> | 467 <para> |
| 468 Specifies a file with a list of CA certificates in the PEM format | 468 Specifies a file with trusted CA certificates in the PEM format |
| 469 used to verify client certificates and | 469 used to verify client certificates and |
| 470 OCSP responses if <link id="ssl_stapling"/> is enabled. | 470 OCSP responses if <link id="ssl_stapling"/> is enabled. |
| 471 </para> | 471 </para> |
| 472 | 472 |
| 473 <para> | 473 <para> |
| 474 In contrast to <link id="ssl_client_certificate"/>, these certificates | 474 In contrast to <link id="ssl_client_certificate"/>, the list of these |
| 475 will not be sent to clients. | 475 certificates will not be sent to clients. |
| 476 </para> | 476 </para> |
| 477 | 477 |
| 478 </directive> | 478 </directive> |
| 479 | 479 |
| 480 | 480 |