a few questions about SSL module

Manlio Perillo manlio_perillo at libero.it
Fri Sep 7 13:05:44 MSD 2007

Igor Sysoev ha scritto:
> On Thu, Sep 06, 2007 at 03:56:27PM +0200, Manlio Perillo wrote:
>> I have two questions about SSL module (well, about SSL in general):
>> 1) Is it reasonable to use the same certificate for both ssl_certificate
>>    and ssl_client_certificate?
> No.
> ssl_certificate is your site ceritficate signed by some known
> authority, e.g., VeriSign, etc.

I want to use SSL for a private area, so I can use self signed certificates.

> ssl_client_certificate is usualy your own ceritificate, that you use
> to sign some certificates and give them to clients. Client should
> import these certificates into their browsers.
>> 2) In case ssl_verify_client is on, is it reasonable to
>>       set $http_remote_user = $ssl_client_s_dn;
>>    ?
> May be, $ssl_client_s_dn is not user name only, it has other fields.

Is it possible to extract the commonName field?


Thanks and regards  Manlio Perillo

More information about the nginx mailing list