Welcome! Log In Create A New Profile

Advanced

Re: Verification of proxied HTTPS server certificate

Maxim Dounin
September 24, 2019 10:04AM
Hello!

On Tue, Sep 24, 2019 at 06:35:10AM -0400, shivramg94 wrote:

> According to the documentation
> (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify)
> the directive "proxy_ssl_verify" is used to enable or disabled the
> verification of the proxied HTTPS server certificate. But it doesn't talk
> about what all different types of validations (like Host Name Verification,
> Certificate Expiry etc) it does.
>
> Could someone list out the validations Nginx performs on the obtained server
> certificate from the upstream server when the above said directive is set to
> "on"?

It verifies that the certificate is valid, signed by a trusted CA,
and matches the host name as used in the proxy_pass directive.
Much like it normally happens with any HTTPS client as per RFC
2818.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Verification of proxied HTTPS server certificate

shivramg94 September 24, 2019 06:35AM

Re: Verification of proxied HTTPS server certificate

Maxim Dounin September 24, 2019 10:04AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 118
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready