Using Yubikey/PKCS11 for Upstream Client Certificates

erik nginx-forum at
Tue Feb 4 08:00:43 UTC 2020

Hi there,

I'm building a reverse proxy that needs to use TLS client certificates for
authentication to its proxy_pass location.

The documentation at
is pretty clear in how to point Nginx to the signed certificate and private
key file, but my cert and key are in hardware (YubiKey in PIV mode).

I have pkcs11 support through OpenSC, but I'm wondering if Nginx can work
with that. Is there a way to have it use the yubikey through pkcs11?


Posted at Nginx Forum:,286922,286922#msg-286922

More information about the nginx mailing list