Syntax: | ssl_certificate file; |
---|---|
Default: | — |
Context: | http, server |
Specifies a file with the certificate in the PEM format for the given virtual server. If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates. A secret key in the PEM format may be placed in the same file.
Since version 1.11.0, this directive can be specified multiple times to load certificates of different types, for example, RSA and ECDSA:
```
server {
    listen              443 ssl;
    server_name         example.com;

    ssl_certificate     example.com.rsa.crt;
    ssl_certificate_key example.com.rsa.key;

    ssl_certificate     example.com.ecdsa.crt;
    ssl_certificate_key example.com.ecdsa.key;

    ...
}
```
Only OpenSSL 1.0.2 or higher supports separate certificate chains for different certificates. With older versions, only one certificate chain can be used.
It should be kept in mind that, due to the HTTPS protocol limitations, virtual servers should listen on different IP addresses:

```
server {
    listen          192.168.1.1:443;
    server_name     one.example.com;
    ssl_certificate one.example.com.crt;
    ...
}

server {
    listen          192.168.1.2:443;
    server_name     two.example.com;
    ssl_certificate two.example.com.crt;
    ...
}
```

Otherwise, the first server's certificate will be presented for the second site.
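To audit a configuration for the situation described above, the following added example (not part of the nginx documentation) groups `server` blocks that carry their own `ssl_certificate` by `listen` address and reports every address shared by more than one of them. The sample configuration is constructed, the function names are hypothetical, and the sketch assumes a single file without `include` directives or certificates inherited from the `http` level.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the page): two servers share one address.
SAMPLE = """
server {
    listen 192.168.1.1:443 ssl;
    server_name one.example.com;
    ssl_certificate one.example.com.crt;
}
server {
    listen 192.168.1.1:443 ssl;
    server_name two.example.com;
    ssl_certificate two.example.com.crt;
}
server {
    listen 192.168.1.2:443 ssl;
    server_name three.example.com;
    ssl_certificate three.example.com.crt;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, matching braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the argument list of every `name ...;` directive in a block."""
    return [a.split() for a in re.findall(rf"^\s*{name}\s+([^;]+);", body, re.M)]

def shared_tls_sockets(conf):
    """Map each listen address used by several certificate-bearing servers
    to [(server_name, [certificate files])] in configuration order."""
    by_addr = defaultdict(list)
    for body in server_blocks(conf):
        certs = [a[0] for a in directive(body, "ssl_certificate")]
        if not certs:
            continue  # no certificate of its own in this block
        names = directive(body, "server_name")
        name = names[0][0] if names else ""
        for args in directive(body, "listen"):
            addr = args[0] if ":" in args[0] else "*:" + args[0]  # bare port
            by_addr[addr].append((name, certs))
    return {a: s for a, s in by_addr.items() if len(s) > 1}
```

For each address returned by `shared_tls_sockets(SAMPLE)`, the first entry is the server whose certificate the page says will be presented for the others.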