Yes - SSL and Client certs are completely orthogonal.  However nginx needs to 
know about whatever cert is used to sign the client certs.  Each client can't 
create completely distinct self-signed certs; they have to be signed by an 
issuer that nginx trusts.   The blog posts at [1] and [2] do a pretty good job 
outlining the process for client certs.  Notice that they both basically start 
with creating a CA you are going to use to issue client certs.



-----Original Message-----
From: nginx [] On Behalf Of spacerobot
Sent: Friday, February 09, 2018 12:57 PM
Subject: [IE] Different certificates and keys for server and client verification


I want my nginx listener to use SSL and do both server and client verification. 
However, I want it to use different certificates and keys for server vs client 
verification. The reason is that I want to use a properly signed certificate 
for the server verification and a self signed certificate for client 
verification (in order to manage allowed clients).

Is there a way to achieve this?


Posted at Nginx Forum:,278466,278466#msg-278466

nginx mailing list

This message contains proprietary information from Equifax which may be 
confidential. If you are not an intended recipient, please refrain from any 
disclosure, copying, distribution or use of this information and note that such 
actions are prohibited. If you have received this transmission in error, please 
notify by e-mail Equifax® is a registered trademark of 
Equifax Inc. All rights reserved.
nginx mailing list

Reply via email to