How to pass a certificate to an upstream
igor at sysoev.ru
Wed Feb 9 17:18:14 MSK 2011
On Wed, Feb 09, 2011 at 03:09:08PM +0100, rainer at ultra-secure.de wrote:
> > On Wed, Feb 09, 2011 at 02:54:21PM +0100, rainer at ultra-secure.de wrote:
> >> I want to put NGINX in front of a server that requires
> >> client-certificates.
> >> I need to pass the certificate to the upstream.
> >> How does one do that?
> >> The upstream is a native jboss server (EJBCA in fact).
> > You can pass client certificate using some header, X-SSL-CERT, for
> > example:
> > proxy_set_header X-SSL-CERT $ssl_client_cert;
> > But I do not know how to get process it on jboss side.
> OK, so I would need to ask on the EJBCA-side of things, it seems?
> I read about $ssl_client_cert but couldn'd figure out how to pass it to
> the upstream.
Yes, on backend side the header should conatains a client certificate
in PEM format.
More information about the nginx