Proxy to upstream HTTPS server *with different* keys/certs in nginx

Maxim Dounin mdounin at
Mon Feb 10 09:11:50 UTC 2014


On Sun, Feb 09, 2014 at 07:13:55PM -0500, tbamise wrote:

> > 
> > Connections to upstream servers don't use any client certificates.
> > 
> Yes I agree. The connection to the upstream server uses the nginx server
> certificates specified by $ssl_certificate(_key).

It looks like you didn't understand my answer.  Again: connections 
to upstream servers don't use any client certificates.  That is, 
no certificates are used by nginx when connecting to upstream 

> Basically I want to use:
> for downstream to client - a.cert & a.cert.key for connection to clients
> for upstream to upstream servers - b.cert & b.cert.key for connection to
> upstream servers.
> The https & server modules of Nginx only allow you to specify a single cert
> pair via $ssl_certificate(_key)

The only thing you can specify is ssl_client_certificate (and 
ssl_client_certificate_key), and it is used only in connections 
with clients.

SSL support in proxy module is rather rudientary and it doesn't 
support using client certificates.

Maxim Dounin

More information about the nginx mailing list