How to pass a certificate to an upstream

Hi,

I want to put NGINX in front of a server that requires
client-certificates.
I need to pass the certificate to the upstream.

How does one do that?

The upstream is a native jboss server (EJBCA in fact).

Best Regards,
Rainer

On Wed, Feb 09, 2011 at 02:54:21PM +0100, [email protected] wrote:

I want to put NGINX in front of a server that requires client-certificates.
I need to pass the certificate to the upstream.

How does one do that?

The upstream is a native jboss server (EJBCA in fact).

You can pass client certificate using some header, X-SSL-CERT, for
example:
proxy_set_header X-SSL-CERT $ssl_client_cert;
But I do not know how to get process it on jboss side.


Igor S.
http://sysoev.ru/en/

You can pass client certificate using some header, X-SSL-CERT, for
example:
proxy_set_header X-SSL-CERT $ssl_client_cert;
But I do not know how to get process it on jboss side.

OK, so I would need to ask on the EJBCA-side of things, it seems?

I read about $ssl_client_cert but couldn’d figure out how to pass it to
the upstream.

Thanks, Igor.

Best Regards,
Rainer

On Wed, Feb 09, 2011 at 03:09:08PM +0100, [email protected] wrote:

You can pass client certificate using some header, X-SSL-CERT, for
example:
proxy_set_header X-SSL-CERT $ssl_client_cert;
But I do not know how to get process it on jboss side.

OK, so I would need to ask on the EJBCA-side of things, it seems?

I read about $ssl_client_cert but couldn’d figure out how to pass it to
the upstream.

Yes, on backend side the header should conatains a client certificate
in PEM format.


Igor S.
http://sysoev.ru/en/