Proxy to upstream HTTPS server *with different* keys/certs in nginx
Maxim Dounin
mdounin at mdounin.ru
Mon Feb 10 09:11:50 UTC 2014
Hello!
On Sun, Feb 09, 2014 at 07:13:55PM -0500, tbamise wrote:
> >
> > Connections to upstream servers don't use any client certificates.
> >
>
> Yes I agree. The connection to the upstream server uses the nginx server
> certificates specified by $ssl_certificate(_key).
It looks like you didn't understand my answer. Again: connections
to upstream servers don't use any client certificates. That is,
no certificates are used by nginx when connecting to upstream
servers.
> Basically I want to use:
> for downstream to client - a.cert & a.cert.key for connection to clients
> for upstream to upstream servers - b.cert & b.cert.key for connection to
> upstream servers.
>
> The https & server modules of Nginx only allow you to specify a single cert
> pair via $ssl_certificate(_key)
The only thing you can specify is ssl_client_certificate (and
ssl_client_certificate_key), and it is used only in connections
with clients.
SSL support in proxy module is rather rudientary and it doesn't
support using client certificates.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list