I've to answer my own question. Vhosts are only known after ssl-handshake and therefore after client certificate check. Now I'm using a bundle of all CA's I need. After the certificate is tested successfully I additionally test if it's a valid issuer (of the tested certificate) for this vhost (on the specific vhost/application).by ege - How to...
Hello, I use nginx as a proxy server for some clusters and a lot of virtual hosts. Now we plan to offer client authentication through client certificates. I wonder how I can use different ca certificates for each vhost or an other way to ensure that the given client certificate is valid for a specific vhost. What I mean. How can I ensure to use the correct ca for the client certificate to avoidby ege - How to...