Hi,
On a Wordpress website that works with a basic StartSSL certificate I
wonder if it is possible to configure nginx (1.4.4) to use a separate
self-signed cert with client certificate authentication for wp-login.php
and any link in wp-admin/ ?
So the regular https://blog.example.org/[some/link] uses the StartSSL
cert for the https session
But the https://blog.example.org/wp-login.php and
https://blog.example.org/wp-admin/* use a self-signed certficate with
client certificate authentication for the https session
Is that possible? If yes, any keywords or what to read up on are much
appreciated.
Thanks,
Patrick
Hi Styopa,
On 09-01-14 22:48, Styopa S. wrote:
Patrick,
It’s not possible, because SSL works on lower level (session layer) than HTTP
(application layer).
Thank you for your feedback. That’s unfortunate. I hope to see flexible
SSL config one day as an enhancement (if possible). For now I guess I’ll
do IP based deny/allow instead.
Regards,
Patrick
Patrick L. wrote in post #1132735:
On 09-01-14 22:48, Styopa S. wrote:
Patrick,
It’s not possible, because SSL works on lower level (session layer) than HTTP
(application layer).
Thank you for your feedback. That’s unfortunate. I hope to see flexible
SSL config one day as an enhancement (if possible).
It is not possible, not with nginx nor any other web server. Read up on
how the SSL handshake and HTTP over SSL works, and it should become
clear.
On Jan 10, 2014, at 12:13 , Andreas S. wrote:
It is not possible, not with nginx nor any other web server. Read up on
how the SSL handshake and HTTP over SSL works, and it should become
clear.
It is actually possible, at least Apache can do this with SSL
renegotiation.
But nginx currently does not support this.
On 10-01-14 09:16, Igor S. wrote:
SSL config one day as an enhancement (if possible).
It is not possible, not with nginx nor any other web server. Read up on
how the SSL handshake and HTTP over SSL works, and it should become
clear.
It is actually possible, at least Apache can do this with SSL renegotiation.
But nginx currently does not support this.
Thanks Igor. It’s good to know that it’s possible with Apache. I prefer
to stay with nginx so will use IP deny/allow for now.
Regards,
Patrick
Patrick,
It’s not possible, because SSL works on lower level (session layer) than
HTTP (application layer).
On Thursday, January 09, 2014 10:42:55 PM Patrick L. wrote:
But the https://blog.example.org/wp-login.php and
nginx mailing list
[email protected]
nginx Info Page
–
Best regards,
Styopa S…
Patrick L. wrote in post #1132735:
On 09-01-14 22:48, Styopa S. wrote:
Patrick,
It’s not possible, because SSL works on lower level (session layer)
than HTTP
(application layer).
Thank you for your feedback. That’s unfortunate. I hope to see flexible
SSL config one day as an enhancement (if possible).
It is not possible, not with nginx nor any other web server. Read up on
how the SSL handshake and HTTP over SSL works, and it should become
clear.
It is actually possible, at least Apache can do this with SSL
renegotiation.
But nginx currently does not support this.
Expanding on this question, is it possible to use a different set of
certs
for the client side and another set for the upstream server side?
Right now I can defined a server module with ssl and specify the ssl
certificates and specify a https protocol for proxy_pass for a location.
But
both connections end up using the same certificates specified with
$ssl_certificate. How can I specify different certificates for the
client
side connection and upstream side connection?
Thanks in advance.
Posted at Nginx Forum: