How to establish secure connection between NGINX <-> https upstream API

satscreate sathish.create at
Fri Mar 13 05:47:40 UTC 2020

Using below config, According to this,

server {
       listen      80;
       server_name nginx_server_name;

upstream dev {
   zone dev 64k;

       location /upstream {
           proxy_pass https://$upstream$request_uri;
           proxy_ssl_certificate         /etc/nginx/client.pem;
           proxy_ssl_certificate_key     /etc/nginx/client.key;
           proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
           proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
           proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;

           proxy_ssl_verify        on;
           proxy_ssl_verify_depth  2;
           proxy_ssl_session_reuse on;
What is below client.pem & client.key?

is this the nginx client files which needs to be created and signed with CA?
or is that a ssl certs?

What is trusted_ca_cert.crt;?

Is this related to how can i obtain this?

Steps i did:

Created csr & key using openssl with CN as nginx_server_name
signed & Got the cert (client.crt) -> client.pem configured both client.pem
& .key in config
But getting below exception when i hit the API.

upstream SSL certificate verify error: (19:self signed certificate in
certificate chain) while SSL handshaking to upstream, client: <user_ip>,
server: <nginx_server_ip>, request: "POST /getsomething HTTP/1.1", upstream:
"", host: "nginx_server_ip"

Sent from:

More information about the nginx mailing list