Proxy to upstream HTTPS server *with different* keys/certs in nginx

Lukas Tribus luky-37 at
Mon Feb 10 14:44:13 UTC 2014


> I'll rephrase the question. I'm interested in server certificates (not
> client). The ssl_certificate_key file is used as a private key for the
> server to decrypt ssl connections for clients. I'm looking to configure
> another key for encrypting ssl connections from niginx server to upstream
> server.

Thats the point exactly. You don't need a key to encrypt ssl connections from
nginx to upstream https servers, EXPECT if you are using client certificates.

So either you want to specify the CA file to verify the upstream servers
certificate and you do not use client certificates (no pem file, no key)


you are using client certificates, which is way you need a certificate + key
on the nginx side to connect to upstream https.

So what exactly are you trying to achieve? 		 	   		  

More information about the nginx mailing list