Yes - SSL and Client certs are completely orthogonal. However nginx needs to know about whatever cert is used to sign the client certs. Each client can't create completely distinct self-signed certs; they have to be signed by an issuer that nginx trusts. The blog posts at  and  do a pretty good job outlining the process for client certs. Notice that they both basically start with creating a CA you are going to use to issue client certs.
 http://nategood.com/client-side-certificate-authentication-in-ngi  https://arcweb.co/securing-websites-nginx-and-client-side-certificate-authentication-linux/ Jason -----Original Message----- From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of spacerobot Sent: Friday, February 09, 2018 12:57 PM To: email@example.com Subject: [IE] Different certificates and keys for server and client verification Hi, I want my nginx listener to use SSL and do both server and client verification. However, I want it to use different certificates and keys for server vs client verification. The reason is that I want to use a properly signed certificate for the server verification and a self signed certificate for client verification (in order to manage allowed clients). Is there a way to achieve this? Thanks! Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278466,278466#msg-278466 _______________________________________________ nginx mailing list firstname.lastname@example.org http://mailman.nginx.org/mailman/listinfo/nginx This message contains proprietary information from Equifax which may be confidential. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify by e-mail postmas...@equifax.com. Equifax® is a registered trademark of Equifax Inc. All rights reserved. _______________________________________________ nginx mailing list email@example.com http://mailman.nginx.org/mailman/listinfo/nginx