Mercurial > hg > nginx-site
changeset 2061:aac9e462320b
Added note about s_client and SNI (trac #708).
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Wed, 18 Oct 2017 15:22:04 +0300 |
| parents | 237b67ef69a6 |
| children | 7275c134ec67 |
| files | xml/en/docs/http/configuring_https_servers.xml xml/ru/docs/http/configuring_https_servers.xml |
| diffstat | 2 files changed, 14 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/xml/en/docs/http/configuring_https_servers.xml +++ b/xml/en/docs/http/configuring_https_servers.xml @@ -8,7 +8,7 @@ <article name="Configuring HTTPS servers" link="/en/docs/http/configuring_https_servers.html" lang="en" - rev="12" + rev="13" author="Igor Sysoev" editor="Brian Mercer"> @@ -198,6 +198,12 @@ Certificate chain ... </programlisting> +<note> +When testing configurations with <link id="sni">SNI</link>, +it is important to specify the <literal>-servername</literal> option +as <command>openssl</command> does not use SNI by default. +</note> + In this example the subject (“<i>s</i>”) of the <literal>www.GoDaddy.com</literal> server certificate #0 is signed by an issuer (“<i>i</i>”) which itself is the subject of the certificate #1,
--- a/xml/ru/docs/http/configuring_https_servers.xml +++ b/xml/ru/docs/http/configuring_https_servers.xml @@ -8,7 +8,7 @@ <article name="Настройка HTTPS-серверов" link="/ru/docs/http/configuring_https_servers.html" lang="ru" - rev="12" + rev="13" author="Игорь Сысоев" editor="Brian Mercer"> @@ -196,6 +196,12 @@ Certificate chain ... </programlisting> +<note> +При тестировании конфигураций с <link id="sni">SNI</link> +необходимо указывать опцию <literal>-servername</literal>, +так как <command>openssl</command> по умолчанию не использует SNI. +</note> + В этом примере субъект (“<i>s</i>”) сертификата №0 сервера <literal>www.GoDaddy.com</literal> подписан издателем (“<i>i</i>”), который в свою очередь является субъектом сертификата №1, подписанного