Hi,
I have setup nginx as a ssl reverse proxy for tomcat. I am doing
matching based on client DN like that:
ssl on;
ssl_certificate /etc/ssl/server.crt;
ssl_certificate_key /etc/ssl/server.key;
ssl_client_certificate /etc/ssl/certs/ca.crt;
ssl_verify_client on;
location /client2 {
if ($ssl_client_s_dn = "/C=US/ST=OH/O=TEST.US/OU=ADM/CN=client2") {
proxy_pass http://127.0.0.1:8180;
break;
}
}
Everything works fine except that I have to restart nginx every time new
certificate is imported into a client browser. I would like to make them
work without restarting nginx. Is it possible or am I doing something
wrong ? Thanks in advance for any help
Posted at Nginx Forum: