Hello,
I use nginx as a proxy server for some clusters and a lot of virtual hosts. Now we plan to offer client authentication through client certificates. I wonder how I can use different CA certificates for each vhost, or another way to ensure that the given client certificate is valid for a specific vhost. What I mean is: how can I ensure that the correct CA is used for the client certificate, to avoid faking information through another included CA?
If I configure it directly in nginx.conf, the client certificate is checked:
[...]
http {
    include vhost_ssl.conf;
    ssl_client_certificate /usr/local/nginx/ssl/public/ca_test.pem;
    ssl_verify_client optional;
[...]
but if I set it in the excluded vhost_ssl.conf, it seems it doesn't get recognized:
server {
    listen 443;
    server_name ~^ege.example.com$ ;
    ssl on;
    [...]
    ssl_client_certificate /usr/local/nginx/ssl/public/ca_test.pem;
    ssl_verify_client optional;
    [...]
}
Kind regards,
Erik
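
An added example, not part of the original post and not the nginx project's own configuration: one way to bind a separate client CA to each vhost and reject certificates that did not verify against it. It assumes nginx is built with SNI support and that clients send the server name; the second hostname, the `ca_other.pem` file and the server certificate paths are hypothetical placeholders.

```nginx
# vhost_ssl.conf (illustrative; included from the http {} block)

server {
    listen 443 ssl;
    server_name ege.example.com;

    # Hypothetical server certificate paths.
    ssl_certificate     /usr/local/nginx/ssl/public/ege.example.com.pem;
    ssl_certificate_key /usr/local/nginx/ssl/private/ege.example.com.key;

    # Only this CA is trusted for client certificates on this vhost.
    ssl_client_certificate /usr/local/nginx/ssl/public/ca_test.pem;
    ssl_verify_client optional;

    # "optional" lets requests through without a valid certificate,
    # so the result has to be enforced explicitly.
    # $ssl_client_verify is SUCCESS, FAILED:<reason> or NONE.
    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }

    # Log which issuer and subject were presented, for auditing.
    add_header X-Client-Issuer  $ssl_client_i_dn;
    add_header X-Client-Subject $ssl_client_s_dn;
}

server {
    listen 443 ssl;
    server_name other.example.com;   # hypothetical second vhost

    ssl_certificate     /usr/local/nginx/ssl/public/other.example.com.pem;
    ssl_certificate_key /usr/local/nginx/ssl/private/other.example.com.key;

    # A different CA: certificates issued by ca_test.pem fail verification here.
    ssl_client_certificate /usr/local/nginx/ssl/public/ca_other.pem;
    ssl_verify_client optional;

    if ($ssl_client_verify != SUCCESS) {
        return 403;
    }
}
```

If a client does not send SNI, the handshake is handled by the default server for the listen socket, so that server's CA and verification settings are the ones applied.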