Using Yubikey/PKCS11 for Upstream Client Certificates

erik nginx-forum at
Tue Feb 4 17:14:28 UTC 2020

Specifically, I'd like to know if the proxy_ssl_certificate and
proxy_ssl_certificate_key directives can support RFC-7512 PKCS#11 URIs, or
whether they're hardwired to be just local file paths.

With my private key in hardware, I'm looking for the ability to point nginx
to something like:

location /upstream {
    proxy_pass      ;
    proxy_ssl_certificate     /etc/nginx/client.pem;

Erik van Zijst

Posted at Nginx Forum:,286922,286930#msg-286930

More information about the nginx mailing list