SNI and certs.

Jonathan Vanasco nginx at 2xlp.com
Sun Dec 4 21:12:33 UTC 2016


On Dec 4, 2016, at 11:03 AM, Reinis Rozitis wrote:

> In case of https I don't even think it makes sense to provide any certificates (even self-signed). 
> Without those the connection will/should be just terminated because of peer not providing any certificates and self-signed certs shouldn't be validated (otherways there is a major flaw) by clients/crawlers either.

I prefer a self-signed (or other somewhat valid) cert because it lets me test the configuration easier (ie, it's broken in the correct way), and most automated monitoring services can be configured to accept it to test a "pass".




More information about the nginx mailing list