Verification of proxied HTTPS server certificate

Maxim Dounin mdounin at
Tue Sep 24 14:03:48 UTC 2019


On Tue, Sep 24, 2019 at 06:35:10AM -0400, shivramg94 wrote:

> According to the documentation
> (
> the directive "proxy_ssl_verify" is used to enable or disabled the
> verification of the proxied HTTPS server certificate. But it doesn't talk
> about what all different types of validations (like Host Name Verification,
> Certificate Expiry etc) it does. 
> Could someone list out the validations Nginx performs on the obtained server
> certificate from the upstream server when the above said directive is set to
> "on"?

It verifies that the certificate is valid, signed by a trusted CA, 
and matches the host name as used in the proxy_pass directive.  
Much like it normally happens with any HTTPS client as per RFC 

Maxim Dounin

More information about the nginx mailing list