Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_ssl_module.xml @ 2334:dbe55598d3f6
Added variables support in ssl_certificate and ssl_certificate_key.
| author | Yaroslav Zhuravlev <yar@nginx.com> |
|---|---|
| date | Tue, 26 Feb 2019 18:33:47 +0300 |
| parents | e2e71f9477a8 |
| children | 8e35f3af574b |
comparison
equal
deleted
inserted
replaced
| 2333:fb5e1d2d4c75 | 2334:dbe55598d3f6 |
|---|---|
| 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
| 9 | 9 |
| 10 <module name="Module ngx_http_ssl_module" | 10 <module name="Module ngx_http_ssl_module" |
| 11 link="/en/docs/http/ngx_http_ssl_module.html" | 11 link="/en/docs/http/ngx_http_ssl_module.html" |
| 12 lang="en" | 12 lang="en" |
| 13 rev="44"> | 13 rev="45"> |
| 14 | 14 |
| 15 <section id="summary"> | 15 <section id="summary"> |
| 16 | 16 |
| 17 <para> | 17 <para> |
| 18 The <literal>ngx_http_ssl_module</literal> module provides the | 18 The <literal>ngx_http_ssl_module</literal> module provides the |
| 173 With older versions, only one certificate chain can be used. | 173 With older versions, only one certificate chain can be used. |
| 174 </note> | 174 </note> |
| 175 </para> | 175 </para> |
| 176 | 176 |
| 177 <para> | 177 <para> |
| 178 Since version 1.15.9, variables can be used in the <value>file</value> name | |
| 179 when using OpenSSL 1.0.2 or higher: | |
| 180 <example> | |
| 181 ssl_certificate $ssl_server_name.crt; | |
| 182 ssl_certificate_key $ssl_server_name.key; | |
| 183 </example> | |
| 184 Note that using variables implies that | |
| 185 a certificate will be loaded for each SSL handshake, | |
| 186 and this may have a negative impact on performance. | |
| 187 </para> | |
| 188 | |
| 189 <para> | |
| 178 It should be kept in mind that due to the HTTPS protocol limitations | 190 It should be kept in mind that due to the HTTPS protocol limitations |
| 179 for maximum interoperability virtual servers should listen on | 191 for maximum interoperability virtual servers should listen on |
| 180 <link doc="configuring_https_servers.xml" id="name_based_https_servers">different | 192 <link doc="configuring_https_servers.xml" id="name_based_https_servers">different |
| 181 IP addresses</link>. | 193 IP addresses</link>. |
| 182 </para> | 194 </para> |
| 199 The value | 211 The value |
| 200 <literal>engine</literal>:<value>name</value>:<value>id</value> | 212 <literal>engine</literal>:<value>name</value>:<value>id</value> |
| 201 can be specified instead of the <value>file</value> (1.7.9), | 213 can be specified instead of the <value>file</value> (1.7.9), |
| 202 which loads a secret key with a specified <value>id</value> | 214 which loads a secret key with a specified <value>id</value> |
| 203 from the OpenSSL engine <value>name</value>. | 215 from the OpenSSL engine <value>name</value>. |
| 216 </para> | |
| 217 | |
| 218 <para> | |
| 219 Since version 1.15.9, variables can be used in the <value>file</value> name | |
| 220 when using OpenSSL 1.0.2 or higher. | |
| 204 </para> | 221 </para> |
| 205 | 222 |
| 206 </directive> | 223 </directive> |
| 207 | 224 |
| 208 | 225 |