a few questions about SSL module
Igor Sysoev
is at rambler-co.ru
Thu Sep 6 18:37:38 MSD 2007
On Thu, Sep 06, 2007 at 03:56:27PM +0200, Manlio Perillo wrote:
> I have two questions about SSL module (well, about SSL in general):
> 1) Is it reasonable to use the same certificate for both ssl_certificate
> and ssl_client_certificate?
No.
ssl_certificate is your site ceritficate signed by some known
authority, e.g., VeriSign, etc.
ssl_client_certificate is usualy your own ceritificate, that you use
to sign some certificates and give them to clients. Client should
import these certificates into their browsers.
> 2) In case ssl_verify_client is on, is it reasonable to
> set $http_remote_user = $ssl_client_s_dn;
> ?
May be, $ssl_client_s_dn is not user name only, it has other fields.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list