Re: Client certificates require nginx restart

Maxim Dounin
December 06, 2010 07:24AM
Hello!

On Mon, Dec 06, 2010 at 05:42:01AM -0500, kefear wrote:

> Hi,
> I have set up nginx as an ssl reverse proxy for tomcat. I am doing
> matching based on client DN like that:
>
> [code]
> ssl on;
> ssl_certificate /etc/ssl/server.crt;
> ssl_certificate_key /etc/ssl/server.key;
> ssl_client_certificate /etc/ssl/certs/ca.crt;
> ssl_verify_client on;
>
> location /client2 {
>     if ($ssl_client_s_dn = "/C=US/ST=OH/O=TEST.US/OU=ADM/CN=client2") {
>         proxy_pass http://127.0.0.1:8180;
>         break;
>     }
> }
> [/code]
>
> Everything works fine except that I have to restart nginx every time a new
> certificate is imported into a client browser. I would like to make them
> work without restarting nginx. Is it possible or am I doing something
> wrong? Thanks in advance for any help.

It's likely to be caused by the browser using a previously established
ssl session (with the old client cert used in it). Restarting the
browser should help as well.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
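
One way to check the session-reuse explanation above from the server side, as an added example that is not part of the original thread: log, for every request, whether the TLS session was resumed and which client DN nginx saw. The log format name `tls_client`, the log path and the `listen 443 ssl` form are assumptions; `$ssl_session_reused` requires nginx 1.5.11 or later.

```nginx
# Added diagnostic example, not the poster's configuration.
# Goes in the http context. "tls_client" is a hypothetical format name.
log_format tls_client '$remote_addr [$time_local] "$request" $status '
                      'verify=$ssl_client_verify '
                      'reused=$ssl_session_reused '
                      'dn="$ssl_client_s_dn"';

server {
    listen 443 ssl;

    ssl_certificate        /etc/ssl/server.crt;
    ssl_certificate_key    /etc/ssl/server.key;
    ssl_client_certificate /etc/ssl/certs/ca.crt;
    ssl_verify_client      on;

    # reused=r : request arrived over a resumed session, so the client
    #            identity is the one from the original handshake
    # reused=. : full handshake, the client certificate was presented anew
    # Log path is an assumption.
    access_log /var/log/nginx/tls_client.log tls_client;

    # To test the hypothesis, uncomment temporarily so that every new
    # connection performs a full handshake (costs CPU and latency):
    # ssl_session_cache   off;
    # ssl_session_tickets off;   # nginx 1.5.9 or later

    # Note: since nginx 1.11.6 $ssl_client_s_dn is printed in RFC 2253
    # form (CN=...,OU=...); the "/C=US/..." form compared in the quoted
    # config is available there as $ssl_client_s_dn_legacy.

    # ... existing location blocks unchanged ...
}
```

Requests logged with `reused=r` and the old DN after a new certificate was imported point to the browser resuming its earlier session rather than to nginx holding stale state.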