a few questions about SSL module
Manlio Perillo
manlio_perillo at libero.it
Fri Sep 7 13:05:44 MSD 2007
Igor Sysoev ha scritto:
> On Thu, Sep 06, 2007 at 03:56:27PM +0200, Manlio Perillo wrote:
>
>> I have two questions about SSL module (well, about SSL in general):
>> 1) Is it reasonable to use the same certificate for both ssl_certificate
>> and ssl_client_certificate?
>
> No.
>
> ssl_certificate is your site ceritficate signed by some known
> authority, e.g., VeriSign, etc.
>
I want to use SSL for a private area, so I can use self signed certificates.
> ssl_client_certificate is usualy your own ceritificate, that you use
> to sign some certificates and give them to clients. Client should
> import these certificates into their browsers.
>
>> 2) In case ssl_verify_client is on, is it reasonable to
>> set $http_remote_user = $ssl_client_s_dn;
>> ?
>
> May be, $ssl_client_s_dn is not user name only, it has other fields.
>
Is it possible to extract the commonName field?
>
Thanks and regards Manlio Perillo
More information about the nginx
mailing list