just to make sure I’m not misunderstanding you:
Usually, what happens is this:
I install an SSL cert (let’s call it certA) in a client browser, so I
can access https site A, which requires it.
But if I have a lot of clients, I’d ideally like to have nginx proxy
this cert, on behalf of my clients, so I don’t have to install it for
each of them. Are you saying that in order for nginx to proxy the cert,
I’ll first have to generate a CA cert on the server, and then sign the
client cert (certA) with it? Won’t this result in a self-signed
certificate warning every time a client tries to access site A?
Posted at Nginx Forum: