For a project at work I had to set up an SSL proxy with nginx, because one of our old WebLogic servers can’t handle SHA2 certificates and we can’t update it now. We decided to make it talk to an SSL proxy, and here is the nginx.conf that acts as one. It uses the nginx http_proxy module.
As a little reminder, we had a situation like this:
serverA (client certificate) -> webservice (HTTPS / server certificate)
and we want to reach the following situation:
serverA -> nginx (client certificate) -> webservice (HTTPS / server certificate)
server {
    listen 80;    # plain HTTP from serverA; TLS and the client certificate are added on the upstream side
    server_name serverA.ip;
    access_log logs/access.log main;

    location / {
        proxy_pass https://my.web.service:443/;

        # Client certificate and key that nginx presents to the webservice
        proxy_ssl_certificate /opt/nginx/conf/certs/cert-client.pem;
        proxy_ssl_certificate_key /opt/nginx/conf/certs/key-client.pem;

        # Verify the webservice's server certificate against the trusted CA
        proxy_ssl_verify on;
        # You might need to adapt this to your CA chain; mine has 3 levels of certification
        proxy_ssl_verify_depth 3;
        proxy_ssl_session_reuse off;
        proxy_ssl_trusted_certificate /opt/nginx/conf/certs/ca.pem;
    }
}
After that you need to set up your serverA to reach nginx:80 instead of webservice:443. There’s no need for a client certificate on serverA anymore.
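A restricted variant of the server block above, as an added example that is not part of the original post: since serverA no longer presents a certificate, every request that reaches the listener is forwarded with the client certificate, so this version binds the listener to one address and admits only serverA. The addresses 192.0.2.5 (nginx) and 192.0.2.10 (serverA) are placeholders, and it assumes the webservice's certificate is issued for my.web.service.

```nginx
server {
    # Bind to the internal interface only (placeholder address), not every interface.
    listen 192.0.2.5:80;
    server_name serverA.ip;
    access_log logs/access.log main;

    # Only serverA (placeholder address) may use the proxy; any other source gets 403.
    allow 192.0.2.10;
    deny all;

    location / {
        proxy_pass https://my.web.service:443/;

        # Client identity now lives here: keep the key file readable by nginx only.
        proxy_ssl_certificate /opt/nginx/conf/certs/cert-client.pem;
        proxy_ssl_certificate_key /opt/nginx/conf/certs/key-client.pem;

        # Same upstream verification as the original configuration.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;
        proxy_ssl_trusted_certificate /opt/nginx/conf/certs/ca.pem;

        # Name checked against the upstream certificate, and sent as SNI.
        proxy_ssl_name my.web.service;
        proxy_ssl_server_name on;

        proxy_ssl_session_reuse off;
    }
}
```

Check the file with nginx -t before reloading. The serverA to nginx hop is still unencrypted HTTP, so it should stay on a network segment you control.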