Support for ssl_certificate_dir ?

Kunal Pariani kpariani at
Mon Oct 13 21:17:04 UTC 2014

Thank you.


----- Original Message -----
From: "Maxim Dounin" <mdounin at>
To: "nginx-devel" <nginx-devel at>
Sent: Monday, October 13, 2014 1:17:26 PM
Subject: Re: Support for ssl_certificate_dir ?


On Mon, Oct 13, 2014 at 12:41:20PM -0700, Kunal Pariani wrote:

> 444 on this one too ?
> Thanks
> -Kunal
> On Wed, Oct 8, 2014 at 2:31 PM, Kunal Pariani <kpariani at> wrote:
> > Hello,
> > Currently nginx doesn't have the capability to define the directory
> > containing all the ssl certificates. This requires all the chained
> > certificates need to be munched together in the right order in a single
> > file and specified using the ssl_certificate directive (
> >
> > Any plans of adding the option for of having a 'ssl_certicate_dir' maybe
> > which would have the path where all the cert files reside ? Also the
> > ordering of the certs will be done by the proxy itself instead of being
> > done manually ?

Short answer: no plans.

Long answer:

The ssl_trusted_certificate directive can be used to specify a PEM 
file with certs to be loaded into a certificate store.  These 
certs will be used by OpenSSL to complete the certificate chain 

This OpenSSL behaviour is believed to cause more harm than good 
though, because a) it can add unneed certs to the chain in many 
cases, and b) the chain is built on runtime, and hence consumes 

And there are no plans to add support of directories to 
ssl_trusted_certificate, as well to other similar directives.

Maxim Dounin

nginx-devel mailing list
nginx-devel at

More information about the nginx-devel mailing list