Support for ssl_certificate_dir ?
mdounin at mdounin.ru
Mon Oct 13 20:17:26 UTC 2014
On Mon, Oct 13, 2014 at 12:41:20PM -0700, Kunal Pariani wrote:
> 444 on this one too ?
> On Wed, Oct 8, 2014 at 2:31 PM, Kunal Pariani <kpariani at zimbra.com> wrote:
> > Hello,
> > Currently nginx doesn't have the capability to define the directory
> > containing all the ssl certificates. This requires all the chained
> > certificates need to be munched together in the right order in a single
> > file and specified using the ssl_certificate directive (
> > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate).
> > Any plans of adding the option for of having a 'ssl_certicate_dir' maybe
> > which would have the path where all the cert files reside ? Also the
> > ordering of the certs will be done by the proxy itself instead of being
> > done manually ?
Short answer: no plans.
The ssl_trusted_certificate directive can be used to specify a PEM
file with certs to be loaded into a certificate store. These
certs will be used by OpenSSL to complete the certificate chain
This OpenSSL behaviour is believed to cause more harm than good
though, because a) it can add unneed certs to the chain in many
cases, and b) the chain is built on runtime, and hence consumes
And there are no plans to add support of directories to
ssl_trusted_certificate, as well to other similar directives.
More information about the nginx-devel