Welcome! Log In Create A New Profile

Advanced

Re: Does Nginx allow to specify multiple root certificates for client certificate verification?

Maxim Dounin
July 31, 2012 06:48AM
Hello!

On Tue, Jul 31, 2012 at 05:43:31AM -0400, ffeldhaus wrote:

> For a project as part of the European Grid Infrastructure (EGI) we need
> SSL client certificate verification for a service running on nginx. As
> there are several root CAs allowed within EGI, we need nginx to check
> them all during client certificate validation. In the documentation of
> nginx I could only find the parameter ssl_client_certificate which
> allows to specify just one file containing a root certificate.
>
> Is there a way to specify more than one root CA for client certificate
> verification in nginx or do I have to use Apache for this?

Yes. Just put multiple root CA certificates into a file specified
in the ssl_client_certificate directive.

Note the docs explicitly say "certificates" (plural), see
http://nginx.org/r/ssl_client_certificate.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Does Nginx allow to specify multiple root certificates for client certificate verification?

ffeldhaus July 31, 2012 05:43AM

Re: Does Nginx allow to specify multiple root certificates for client certificate verification?

Maxim Dounin July 31, 2012 06:48AM

Re: Does Nginx allow to specify multiple root certificates for client certificate verification?

ffeldhaus July 31, 2012 11:21AM

Re: Does Nginx allow to specify multiple root certificates for client certificate verification?

Maxim Dounin July 31, 2012 12:50PM

Re: Does Nginx allow to specify multiple root certificates for client certificate verification?

ffeldhaus August 10, 2012 05:28AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 99
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready