Hello!

On Wed, Mar 31, 2010 at 04:09:42AM -0400, kaiyuan wrote:

[...]

> My questions are
> Can I have an SSL from Client to Nginx and another between
> Nginx and Tomcat ，nginx verify the client certificate,and
> also transfer the client certificate to tomcat,tomcat also
> verify the client certificate.
>
> if nginx can do this,how to setup.Can someboby give me an
> correct nginx.conf for this?

This is not possible. To "transfer" client certificate one have
to be able to access certificate's private key. Moreover, nginx
currently doesn't support using client certificates in proxy
connections at all.

You may want to pass results of client cert verification
($ssl_client_s_dn and so on) from nginx to tomcat in http headers
instead. See here for details:

http://wiki.nginx.org/NginxHttpSslModule#Built-in_variables
http://wiki.nginx.org/NginxHttpProxyModule#proxy_set_header

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx