Thanks Lukas! Guess I have to patch Nginx to use client certificates with upstream servers. Any suggestion as to a good place to start? I'm looking to nix_http_upstream.c and gnx_event_openssl.cby tbamise - Nginx Mailing List - English
> > you are using client certificates, which is way you need a certificate > + key > on the nginx side to connect to upstream https. > I am using client certificates on nginx side to connect to upstream https. Issues is when I turn on client verification on upstream server, nginx doesn't provide the client certificates. Any ideas why? Thanks much appreciated!by tbamise - Nginx Mailing List - English
Hello! > The only thing you can specify is ssl_client_certificate (and > ssl_client_certificate_key), and it is used only in connections > with clients. > Following Nginx docs (http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) you can specify ssl_certificate_key and ssl_certificate files in an nginx conf file which specifies the files with the certificaby tbamise - Nginx Mailing List - English
itpp2012 Wrote: ------------------------------------------------------- > > I've heard that stunned does not scale very well. I'm looking at > > managing a lot of simultaneous ssl connections hence using Nginx. > > You can loadbalance them, even create a pool for one worker with Lua > and expand them as needed. Thanks! I'll try thisby tbamise - Nginx Mailing List - English
tbamise Wrote: ------------------------------------------------------- > > > > Connections to upstream servers don't use any client certificates. > > > > Yes I agree. The connection to the upstream server uses the nginx > server certificates specified by $ssl_certificate(_key). > Basically I want to use: > for downstream to client - a.cert & a.cert.by tbamise - Nginx Mailing List - English
itpp2012 Wrote: ------------------------------------------------------- > tbamise Wrote: > ------------------------------------------------------- > > Is it possible to use a different set of certs for the client side > and > > another set for the upstream server side? > > Use a tunnel like stunnel to encrypt upstreams, which supports client > certs. I'veby tbamise - Nginx Mailing List - English
> > Connections to upstream servers don't use any client certificates. > Yes I agree. The connection to the upstream server uses the nginx server certificates specified by $ssl_certificate(_key). Basically I want to use: for downstream to client - a.cert & a.cert.key for connection to clients for upstream to upstream servers - b.cert & b.cert.key for connection to upstreby tbamise - Nginx Mailing List - English
Is it possible to use a different set of certs for the client side and another set for the upstream server side? My use case is to have different sets of local ssl certs on Nginx. A key/cert pair for communicating with clients and another set for communicating with the upstream proxy. Right now I can define a server module with ssl and specify the ssl certificates and specify a https protocoby tbamise - Nginx Mailing List - English
>> Patrick Lists wrote in post #1132735: >>> On 09-01-14 22:48, Styopa Semenukha wrote: >>>> Patrick, >>>> >>>> It's not possible, because SSL works on lower level (session layer) than HTTP >>> (application layer). >>> >>> Thank you for your feedback. That's unfortunate. I hope to see flexible >>> SSL coby tbamise - Nginx Mailing List - English
Hello everyone, New to forum, New to Nginx. Thought to say hello!!!by tbamise - New Member Introductions