Use of Certs
Scott Larson
stl at wiredrive.com
Mon Dec 29 19:46:42 UTC 2014
If you're using nginx as a reverse proxy you'll want a cert set up on
that node. Without it, worst case is your link between the proxy and the
IIS server is secure but your link between the remote client and the proxy
will be insecure defeating the whole purpose. Best case is an error will be
thrown to the remote client either for a protocol mismatch or being unable
to connect to 443 after a forced reconnection. At least in the latter case
you wouldn't be leaking data over the wire.
If you're using SSL between the proxy and IIS you don't need the IIS
server certificate's private key. nginx just needs to be able to verify the
certificate chain as legitimate.
*__________________Scott LarsonSystems AdministratorWiredrive/LA310 823
8238 ext. 1106310 943 2078 faxwww.wiredrive.com
<http://www.wiredrive.com/>www.twitter.com/wiredrive
<http://www.twitter.com/wiredrive>www.facebook.com/wiredrive
<http://www.wiredrive.com/facebook>*
On Mon, Dec 29, 2014 at 11:36 AM, Peter Fraser <petros.fraser at gmail.com>
wrote:
> Hi All
> I am very new to nginx and am currently doing a lot of reading but would
> just love to have a nudge in the right direction
>
> I want to set up nginx as a reverse proxy for about three IIS servers
> behind a firewall.
> One of them is a public web server that handles secure logins. It is
> configured with a certificate signed by a CA. Do I need to import the web
> server's private key on to the nginx box or is this something I don't need
> to worry about?
>
> Regards.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20141229/cd066578/attachment.html>
More information about the nginx
mailing list