Client certificates require nginx restart

kefear nginx-forum at nginx.us
Mon Dec 6 13:42:01 MSK 2010


Hi, 
I have setup nginx as a ssl reverse proxy for tomcat. I am doing
matching based on client DN like that:

[code]
	ssl on;
	ssl_certificate /etc/ssl/server.crt;
	ssl_certificate_key /etc/ssl/server.key;
	ssl_client_certificate /etc/ssl/certs/ca.crt;
	ssl_verify_client on;

location  /client2 {
		if ($ssl_client_s_dn = "/C=US/ST=OH/O=TEST.US/OU=ADM/CN=client2") {
			proxy_pass http://127.0.0.1:8180;
			break;
		}
	}
[/code]

Everything works fine except that I have to restart nginx every time new
certificate is imported into a client browser. I would like to make them
work without restarting nginx. Is it possible or am I doing something
wrong ? Thanks in advance for any help

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,155960,155960#msg-155960




More information about the nginx mailing list