a few questions about SSL module

Igor Sysoev is at rambler-co.ru
Thu Sep 6 18:37:38 MSD 2007

On Thu, Sep 06, 2007 at 03:56:27PM +0200, Manlio Perillo wrote:

> I have two questions about SSL module (well, about SSL in general):
> 1) Is it reasonable to use the same certificate for both ssl_certificate
>    and ssl_client_certificate?


ssl_certificate is your site ceritficate signed by some known
authority, e.g., VeriSign, etc.

ssl_client_certificate is usualy your own ceritificate, that you use
to sign some certificates and give them to clients. Client should
import these certificates into their browsers.

> 2) In case ssl_verify_client is on, is it reasonable to
>       set $http_remote_user = $ssl_client_s_dn;
>    ?

May be, $ssl_client_s_dn is not user name only, it has other fields.

Igor Sysoev

More information about the nginx mailing list