Provide site-specific SSL cert on behalf of clients

Igor Sysoev igor at sysoev.ru
Wed May 25 13:19:57 MSD 2011


On Wed, May 25, 2011 at 05:15:18AM -0400, urschrei wrote:
> Igor,
> yes, it's a client SSL cert.

You should have a CA certificate which is used to sign client certificates.
This ceritificate should be declared on server level:

server {
    listen  443;
    ssl     on;
    ...

    ssl_client_certificate  ca-cert.pem;
    ssl_verify_client       on;


-- 
Igor Sysoev



More information about the nginx mailing list