ssl_verify_client

Syntax:	`ssl_verify_client on \| off \| optional \| optional_no_ca;`
Default:	`ssl_verify_client off;`
Context:	`mail`, `server`

This directive appeared in version 1.7.11.

Enables verification of client certificates. The verification result is passed in the “Auth-SSL-Verify” header of the authentication request.

The optional parameter requests the client certificate and verifies it if the certificate is present.

The optional_no_ca parameter requests the client certificate but does not require it to be signed by a trusted CA certificate. This is intended for the use in cases when a service that is external to nginx performs the actual certificate verification. The contents of the certificate is accessible through requests sent to the authentication server.

Links:

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_verify_client

doc_nginx

2025-01-10 15:47:30

Comments