paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

prod docs: Call out more the need for a chained cert bundle.

Browse Source 
This is kind of easy to gloss over, especially with the framing
as a "format"; surely if things work at all, the file format
must have been right, right?  It's really a bit more substantive
than that; say so and also add a bit more description.
This commit is contained in:
Greg Price
2018-04-16 11:29:19 -07:00
parent fdfbd45208
commit 21045d8cf0
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/production/ssl-certificates.md
View File

@@ -13,10 +13,14 @@ If you already have an SSL certificate, just install (or symlink) its
files into place at the following paths: files into place at the following paths:
* `/etc/ssl/private/zulip.key` for the private key * `/etc/ssl/private/zulip.key` for the private key
* `/etc/ssl/certs/zulip.combined-chain.crt` for the certificate. * `/etc/ssl/certs/zulip.combined-chain.crt` for the certificate.
Because Zulip uses nginx as its web server, this should be in the
format of a [chained certificate bundle][nginx-https].
[nginx-https]: http://nginx.org/en/docs/http/configuring_https_servers.html Your certificate file should contain not only your own certificate but
its full chain, including any intermediate certificates used by your
CA. See the [nginx documentation][nginx-chains] for details on what
this means and how to do it and test it. If you're missing part of
the chain, your server may work with some browsers but not others.
[nginx-chains]: http://nginx.org/en/docs/http/configuring_https_servers.html#chains
## Certbot (recommended) ## Certbot (recommended)