Client certificates require nginx restart

kefear nginx-forum at
Mon Dec 6 13:42:01 MSK 2010

I have setup nginx as a ssl reverse proxy for tomcat. I am doing
matching based on client DN like that:

	ssl on;
	ssl_certificate /etc/ssl/server.crt;
	ssl_certificate_key /etc/ssl/server.key;
	ssl_client_certificate /etc/ssl/certs/ca.crt;
	ssl_verify_client on;

location  /client2 {
		if ($ssl_client_s_dn = "/C=US/ST=OH/O=TEST.US/OU=ADM/CN=client2") {

Everything works fine except that I have to restart nginx every time new
certificate is imported into a client browser. I would like to make them
work without restarting nginx. Is it possible or am I doing something
wrong ? Thanks in advance for any help

Posted at Nginx Forum:,155960,155960#msg-155960

More information about the nginx mailing list