ssl_certificate

The ssl_certificate directive is essential for enabling SSL on an NGINX server. It designates the path to a PEM-encoded SSL certificate file that contains the public key of the server being operated. This certificate is critical for establishing secure HTTPS connections, as it enables clients to verify the authenticity of the server they are connecting to. The directive can be defined within the http or server contexts, affecting either the entire server configuration or a specific server block, respectively.

Typically, the ssl_certificate directive is used alongside the ssl_certificate_key directive, which specifies the corresponding private key for the certificate. Both files must match; otherwise, the SSL handshake will fail, preventing secure connections from being established. The configuration will also need to include SSL-related parameters such as the ssl_protocols and ssl_ciphers directives to govern the security protocols and encryption algorithms used during the connection.

When using this directive, it's important to ensure that the specified certificate file is accessible and properly formatted. Certificates can be obtained from various certificate authorities, and they usually come in the form of .crt files. Additionally, if using a certificate chain, the file should concatenate the server certificate and any intermediate certificates for proper validation on the client side.