Does Nginx allow to specify multiple root certificates for client certificate verification?

Maxim Dounin mdounin at
Tue Jul 31 10:47:17 UTC 2012


On Tue, Jul 31, 2012 at 05:43:31AM -0400, ffeldhaus wrote:

> For a project as part of the European Grid Infrastructure (EGI) we need
> SSL client certificate verification for a service running on nginx. As
> there are several root CAs allowed within EGI, we need nginx to check
> them all during client certificate validation. In the documentation of
> nginx I could only find the parameter ssl_client_certificate which
> allows to specify just one file containing a root certificate.
> Is there a way to specify more than one root CA for client certificate
> verification in nginx or do I have to use Apache for this?

Yes.  Just put multiple root CA certificates into a file specified 
in the ssl_client_certificate directive.

Note the docs explicitly say "certificates" (plural), see

Maxim Dounin

More information about the nginx mailing list