Provide site-specific SSL cert on behalf of clients

Igor Sysoev igor at
Wed May 25 13:19:57 MSD 2011

On Wed, May 25, 2011 at 05:15:18AM -0400, urschrei wrote:
> Igor,
> yes, it's a client SSL cert.

You should have a CA certificate which is used to sign client certificates.
This ceritificate should be declared on server level:

server {
    listen  443;
    ssl     on;

    ssl_client_certificate  ca-cert.pem;
    ssl_verify_client       on;

Igor Sysoev

More information about the nginx mailing list