Show all posts by user
Introduce yourselves
Page 1 of 1 Pages: 1
Results 1 - 10 of 10
Thanks Lukas! Guess I have to patch Nginx to use client certificates with upstream servers.
Any suggestion as to a good place to start? I'm looking to nix_http_upstream.c and gnx_event_openssl.c
by
tbamise
-
Nginx Mailing List - English
>
> you are using client certificates, which is way you need a certificate
> + key
> on the nginx side to connect to upstream https.
>
I am using client certificates on nginx side to connect to upstream https. Issues is when I turn on client verification on upstream server, nginx doesn't provide the client certificates.
Any ideas why?
Thanks much appreciated!
by
tbamise
-
Nginx Mailing List - English
Hello!
> The only thing you can specify is ssl_client_certificate (and
> ssl_client_certificate_key), and it is used only in connections
> with clients.
>
Following Nginx docs (http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) you can specify ssl_certificate_key and ssl_certificate files in an nginx conf file which specifies the files with the certifica
by
tbamise
-
Nginx Mailing List - English
itpp2012 Wrote:
-------------------------------------------------------
> > I've heard that stunned does not scale very well. I'm looking at
> > managing a lot of simultaneous ssl connections hence using Nginx.
>
> You can loadbalance them, even create a pool for one worker with Lua
> and expand them as needed.
Thanks! I'll try this
by
tbamise
-
Nginx Mailing List - English
tbamise Wrote:
-------------------------------------------------------
> >
> > Connections to upstream servers don't use any client certificates.
> >
>
> Yes I agree. The connection to the upstream server uses the nginx
> server certificates specified by $ssl_certificate(_key).
> Basically I want to use:
> for downstream to client - a.cert & a.cert.
by
tbamise
-
Nginx Mailing List - English
itpp2012 Wrote:
-------------------------------------------------------
> tbamise Wrote:
> -------------------------------------------------------
> > Is it possible to use a different set of certs for the client side
> and
> > another set for the upstream server side?
>
> Use a tunnel like stunnel to encrypt upstreams, which supports client
> certs.
I've
by
tbamise
-
Nginx Mailing List - English
>
> Connections to upstream servers don't use any client certificates.
>
Yes I agree. The connection to the upstream server uses the nginx server certificates specified by $ssl_certificate(_key).
Basically I want to use:
for downstream to client - a.cert & a.cert.key for connection to clients
for upstream to upstream servers - b.cert & b.cert.key for connection to upstre
by
tbamise
-
Nginx Mailing List - English
Is it possible to use a different set of certs for the client side and another set for the upstream server side?
My use case is to have different sets of local ssl certs on Nginx. A key/cert pair for communicating with clients and another set for communicating with the upstream proxy.
Right now I can define a server module with ssl and specify the ssl certificates and specify a https protoco
by
tbamise
-
Nginx Mailing List - English
>> Patrick Lists wrote in post #1132735:
>>> On 09-01-14 22:48, Styopa Semenukha wrote:
>>>> Patrick,
>>>>
>>>> It's not possible, because SSL works on lower level (session layer) than HTTP
>>> (application layer).
>>>
>>> Thank you for your feedback. That's unfortunate. I hope to see flexible
>>> SSL co
by
tbamise
-
Nginx Mailing List - English