ssl_verify_client

Syntax:	`ssl_verify_client on \| off \| optional \| optional_no_ca;`
Default:	`ssl_verify_client off;`
Context:	`stream`, `server`

This directive appeared in version 1.11.8.

Enables verification of client certificates. The verification result is stored in the $ssl_client_verify variable. If an error has occurred during the client certificate verification or a client has not presented the required certificate, the connection is closed.

The optional parameter requests the client certificate and verifies it if the certificate is present.

The optional_no_ca parameter requests the client certificate but does not require it to be signed by a trusted CA certificate. This is intended for the use in cases when a service that is external to nginx performs the actual certificate verification. The contents of the certificate is accessible through the $ssl_client_cert variable.

Links:

https://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_verify_client

doc_nginx

2017-02-09 07:09:37

Comments