mtls configuration in NGINX - upstream chain validation

Asked May 05 '22 at 14:54

Active May 05 '22 at 14:54

Viewed 45 times

I have several questions regarding the mtls configuration in NGINX:

When configuring with ngx_http_proxy_module, to verify upstream certificate, does upstream's TLS chain have to be stored in a cert which is used in proxy_ssl_trusted_certificate property? or just the Root CA certificate? or intermediary and root?

The server's TLS chain looks approximately like this:

0 - A cert for a company's domain, issued by Digicert Global CA G2

1 - Digicert Global CA G2, issued by Digicert Global Root G2

Does NGINX validate the signatures on all certs in upstream TLS chain? If no, how to enable?

asked May 05 '22 at 14:54

user3621726

3

Does this answer your question? [nginx as reverse proxy with upstream SSL](https://serverfault.com/questions/341023/nginx-as-reverse-proxy-with-upstream-ssl) i think by default it does not – djdomi May 05 '22 at 17:31

mtls configuration in NGINX - upstream chain validation

0 Answers0