Provide site-specific SSL cert on behalf of clients

urschrei nginx-forum at
Wed May 25 14:27:15 MSD 2011

just to make sure I'm not misunderstanding you:

Usually, what happens is this:

I install an SSL cert (let's call it certA) in a client browser, so I
can access https site A, which requires it.

But if I have a lot of clients, I'd ideally like to have nginx proxy
this cert, on behalf of my clients, so I don't have to install it for
each of them. Are you saying that in order for nginx to proxy the cert,
I'll first have to generate a CA cert on the server, and then sign the
client cert (certA) with it? Won't this result in a self-signed
certificate warning every time a client tries to access site A?

Posted at Nginx Forum:,200521,200672#msg-200672

More information about the nginx mailing list