# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/ssl/{{ inventory_hostname }}.crt;
ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ssl/{{ inventory_hostname }}.crt;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/ssl/dhparams.pem;