Upstream certificate validation - Servers in a server group

Nitsan Matsliah Nitsan.Matsliah at cellebrite.com
Tue Mar 1 09:26:23 UTC 2022


Assuming I have 2 servers in an upstream server group:

  1.  Test1.server.local
  2.  Test2.server.local

Each one of these servers holds its own FQDN in its respective certificate.
Test1.server.local will have test1.server.local as its subject and subject alternative name in the certificate it serves.
Test2.server.local will have test2.server.local as its subject and subject alternative name in the certificate it serves.

Now, let’s assume that the name of the upstream group or proxy_ssl_name is Test.server.local. nginx will compare the subject name from each certificate (either test1.server.local or test2.server.local) to the upstream group name, test.server.local, and will complain about a mismatch.
Unless test.server.local is added to each upstream server certificate this issue will persist.

Is there any way around this, maybe using NGINX Plus or any other alternative?

Thanks
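
Added example, not part of the original post: an offline check of which names an upstream certificate is valid for, using OpenSSL's host name check on the names from the question. The certificates are throwaway self-signed ones constructed here, and the helper names `make_cert`, `cert_matches` and `report` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. The certificates are throwaway self-signed ones constructed
# here to stand in for the upstream servers' real certificates.

# make_cert PREFIX CN SAN_LIST: write PREFIX.key and PREFIX.crt
# (-addext needs OpenSSL 1.1.1 or later).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1.crt" \
        -subj "/CN=$2" -addext "subjectAltName=$3" >/dev/null 2>&1
}

# cert_matches CERT NAME: succeed only if CERT is valid for host name NAME.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# report CERT NAME: print one result line.
report() {
    if cert_matches "$1" "$2"; then
        echo "$(basename "$1"): $2 -> match"
    else
        echo "$(basename "$1"): $2 -> MISMATCH"
    fi
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    # Certificate as described in the post: only the server's own FQDN.
    make_cert "$demo_dir/test1-own" test1.server.local "DNS:test1.server.local"
    # Certificate that also lists the group name used as proxy_ssl_name.
    make_cert "$demo_dir/test1-both" test1.server.local \
        "DNS:test1.server.local,DNS:test.server.local"
    for name in test1.server.local test.server.local; do
        report "$demo_dir/test1-own.crt" "$name"
        report "$demo_dir/test1-both.crt" "$name"
    done
    rm -rf "$demo_dir"
}

demo
```

Running `cert_matches` against each real upstream certificate with the value of proxy_ssl_name shows before deployment whether verification of that server would fail on the name.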

