Does Nginx allow to specify multiple root certificates for client certificate verification?
mdounin at mdounin.ru
Tue Jul 31 10:47:17 UTC 2012
On Tue, Jul 31, 2012 at 05:43:31AM -0400, ffeldhaus wrote:
> For a project as part of the European Grid Infrastructure (EGI) we need
> SSL client certificate verification for a service running on nginx. As
> there are several root CAs allowed within EGI, we need nginx to check
> them all during client certificate validation. In the documentation of
> nginx I could only find the parameter ssl_client_certificate which
> allows to specify just one file containing a root certificate.
> Is there a way to specify more than one root CA for client certificate
> verification in nginx or do I have to use Apache for this?
Yes. Just put multiple root CA certificates into a file specified
in the ssl_client_certificate directive.
Note the docs explicitly say "certificates" (plural), see
More information about the nginx