Mercurial > hg > nginx-site
comparison xml/en/docs/http/configuring_https_servers.xml @ 593:130fad6dc1b4
Replaced the uses of "url" element with "literal".
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Thu, 19 Jul 2012 05:17:45 +0000 |
| parents | 764fbac1b8b4 |
| children | bd81a71006fe |
comparison
equal
deleted
inserted
replaced
| 592:d40371689c1c | 593:130fad6dc1b4 |
|---|---|
| 202 /CN=http://www.valicert.com//emailAddress=info@valicert.com | 202 /CN=http://www.valicert.com//emailAddress=info@valicert.com |
| 203 ... | 203 ... |
| 204 </programlisting> | 204 </programlisting> |
| 205 | 205 |
| 206 In this example the subject (“<i>s</i>”) of the | 206 In this example the subject (“<i>s</i>”) of the |
| 207 <url>www.GoDaddy.com</url> server certificate #0 is signed by an issuer | 207 <literal>www.GoDaddy.com</literal> server certificate #0 is signed by an issuer |
| 208 (“<i>i</i>”) which itself is the subject of the certificate #1, | 208 (“<i>i</i>”) which itself is the subject of the certificate #1, |
| 209 which is signed by an issuer which itself is the subject of the certificate #2, | 209 which is signed by an issuer which itself is the subject of the certificate #2, |
| 210 which signed by the well-known issuer <i>ValiCert, Inc.</i> | 210 which signed by the well-known issuer <i>ValiCert, Inc.</i> |
| 211 whose certificate is stored in the browsers’ built-in | 211 whose certificate is stored in the browsers’ built-in |
| 212 certificate base (that lay in the house that Jack built). | 212 certificate base (that lay in the house that Jack built). |
| 279 ... | 279 ... |
| 280 } | 280 } |
| 281 </programlisting> | 281 </programlisting> |
| 282 | 282 |
| 283 With this configuration a browser receives the certificate of the default | 283 With this configuration a browser receives the certificate of the default |
| 284 server, i.e., <url>www.example.com</url> regardless of the requested server name. | 284 server, i.e., <literal>www.example.com</literal> regardless of the requested server name. |
| 285 This is caused by SSL protocol behaviour. The SSL connection is established | 285 This is caused by SSL protocol behaviour. The SSL connection is established |
| 286 before the browser sends an HTTP request and nginx does not know | 286 before the browser sends an HTTP request and nginx does not know |
| 287 the name of the requested server. Therefore, it may only offer the certificate | 287 the name of the requested server. Therefore, it may only offer the certificate |
| 288 of the default server. | 288 of the default server. |
| 289 </para> | 289 </para> |
| 319 | 319 |
| 320 <para> | 320 <para> |
| 321 There are other ways to share a single IP address between several | 321 There are other ways to share a single IP address between several |
| 322 HTTPS servers, however, all of them have drawbacks. | 322 HTTPS servers, however, all of them have drawbacks. |
| 323 One way is to use a certificate with several names in | 323 One way is to use a certificate with several names in |
| 324 the SubjectAltName certificate field, for example, <url>www.example.com</url> | 324 the SubjectAltName certificate field, for example, <literal>www.example.com</literal> |
| 325 and <url>www.example.org</url>. | 325 and <literal>www.example.org</literal>. |
| 326 However, the SubjectAltName field length is limited. | 326 However, the SubjectAltName field length is limited. |
| 327 </para> | 327 </para> |
| 328 | 328 |
| 329 <para> | 329 <para> |
| 330 Another way is to use a certificate with a wildcard name, for example, | 330 Another way is to use a certificate with a wildcard name, for example, |
| 331 <url>*.example.org</url>. This certificate matches | 331 <literal>*.example.org</literal>. This certificate matches |
| 332 <url>www.example.org</url>, but does not match <url>example.org</url> | 332 <literal>www.example.org</literal>, but does not match <literal>example.org</literal> |
| 333 and <url>www.sub.example.org</url>. These two methods can also be combined. | 333 and <literal>www.sub.example.org</literal>. These two methods can also be combined. |
| 334 A certificate may contain exact and wildcard names in the SubjectAltName field, | 334 A certificate may contain exact and wildcard names in the SubjectAltName field, |
| 335 for example, <url>example.org</url> and <url>*.example.org</url>. | 335 for example, <literal>example.org</literal> and <literal>*.example.org</literal>. |
| 336 </para> | 336 </para> |
| 337 | 337 |
| 338 <para> | 338 <para> |
| 339 It is better to place a certificate file with several names and | 339 It is better to place a certificate file with several names and |
| 340 its private key file at the <i>http</i> level of configuration | 340 its private key file at the <i>http</i> level of configuration |