Skip to content

Commit f2c29f2

Browse files
PE1NUTzeripathbagasmetechknowlogick
authored
Clarification on the use of certificate chains (#12986)
* Clarification on the use of certificate chains * As per @bagasme Co-authored-by: Bagas Sanjaya <[email protected]> Co-authored-by: zeripath <[email protected]> Co-authored-by: Bagas Sanjaya <[email protected]> Co-authored-by: techknowlogick <[email protected]>
1 parent 615e784 commit f2c29f2

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

docs/content/doc/advanced/config-cheat-sheet.en-us.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -212,7 +212,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
212212
- `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
213213
- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
214214
- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
215-
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
215+
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). From 1.11 paths are relative to `CUSTOM_PATH`.
216216
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
217217
- `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
218218
- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.

docs/content/doc/usage/https-support.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ HTTP_PORT = 3000
3232
CERT_FILE = cert.pem
3333
KEY_FILE = key.pem
3434
```
35-
35+
Note that if your certificate is signed by a third party certificate authority (i.e. not self-signed), then cert.pem should contain the certificate chain. The server certificate must be the first entry in cert.pem, followed by the intermediaries in order (if any). The root certificate does not have to be included because the connecting client must already have it in order to estalbish the trust relationship.
3636
To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
3737

3838
### Setting up HTTP redirection

0 commit comments

Comments
 (0)