Support for ssl_certificate_dir ?

Maxim Dounin mdounin at
Mon Oct 13 20:17:26 UTC 2014


On Mon, Oct 13, 2014 at 12:41:20PM -0700, Kunal Pariani wrote:

> 444 on this one too ?
> Thanks
> -Kunal
> On Wed, Oct 8, 2014 at 2:31 PM, Kunal Pariani <kpariani at> wrote:
> > Hello,
> > Currently nginx doesn't have the capability to define the directory
> > containing all the ssl certificates. This requires all the chained
> > certificates need to be munched together in the right order in a single
> > file and specified using the ssl_certificate directive (
> >
> > Any plans of adding the option for of having a 'ssl_certicate_dir' maybe
> > which would have the path where all the cert files reside ? Also the
> > ordering of the certs will be done by the proxy itself instead of being
> > done manually ?

Short answer: no plans.

Long answer:

The ssl_trusted_certificate directive can be used to specify a PEM 
file with certs to be loaded into a certificate store.  These 
certs will be used by OpenSSL to complete the certificate chain 

This OpenSSL behaviour is believed to cause more harm than good 
though, because a) it can add unneed certs to the chain in many 
cases, and b) the chain is built on runtime, and hence consumes 

And there are no plans to add support of directories to 
ssl_trusted_certificate, as well to other similar directives.

Maxim Dounin

More information about the nginx-devel mailing list