proxy_ssl_certificate
The `proxy_ssl_certificate` directive sets the client SSL certificate file for SSL/TLS connections to the proxied server.
Description
The `proxy_ssl_certificate` directive defines the path to the SSL certificate file that NGINX sends to an upstream server when establishing an SSL/TLS connection. It matters where NGINX acts as a reverse proxy in front of an HTTPS upstream and the connection between NGINX (the TLS client here) and the backend server must be secured. By presenting the client certificate, NGINX authenticates itself to the backend server, which allows mutual SSL/TLS authentication.
This directive can be used in the `http`, `server`, and `location` contexts, so it can be applied at whichever scope of the NGINX configuration fits. The certificate specified should be in PEM format, which is the standard format for SSL certificates, ensuring compatibility with SSL/TLS protocols. The client certificate is often accompanied by a private key, which is set using the `proxy_ssl_certificate_key` directive to establish a secure link with the backend server.
It's crucial to ensure that the certificate file is readable by the user running the NGINX process. If NGINX cannot access the certificate file due to permission issues, it will fail to start or reload, leading to service disruptions. The other SSL settings for the proxied connection, such as the SSL protocols and ciphers, may also need to be configured alongside this directive for good performance and to secure the communication channel completely.
Config Example
    location /api {
        proxy_pass https://backend.example.com;
        proxy_ssl_certificate /etc/ssl/certs/client-cert.pem;
        proxy_ssl_certificate_key /etc/ssl/private/client-key.pem;
    }

Ensure the certificate file is in PEM format; otherwise, NGINX will not be able to use it.
Check the permissions of the certificate file to make sure the NGINX user can read it; improper permissions can lead to startup errors.
Remember to also specify the proxy_ssl_certificate_key directive to provide the corresponding private key for the client certificate.
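
An added example, not part of the original page or of the NGINX documentation: the location block above extended so that NGINX also verifies the upstream's certificate and restricts the protocol versions, which the description mentions but the page's example leaves at defaults. The CA bundle path `/etc/ssl/certs/backend-ca.pem` and the verification depth are assumptions; the hostname and client certificate paths are reused from the page's example.

```nginx
location /api {
    proxy_pass https://backend.example.com;

    # Client identity presented to the upstream (paths from the page's example).
    proxy_ssl_certificate     /etc/ssl/certs/client-cert.pem;
    proxy_ssl_certificate_key /etc/ssl/private/client-key.pem;

    # Authenticate the upstream as well. proxy_ssl_verify defaults to off,
    # in which case NGINX accepts whatever certificate the upstream presents
    # and the authentication is one-way only (backend checks NGINX, not the reverse).
    proxy_ssl_verify              on;
    # Assumed chain length: leaf -> intermediate -> root.
    proxy_ssl_verify_depth        2;
    # Assumed path: PEM bundle of the CA(s) that issue the backend's certificate.
    proxy_ssl_trusted_certificate /etc/ssl/certs/backend-ca.pem;

    # Send SNI and check the upstream certificate against the expected name.
    proxy_ssl_server_name on;
    proxy_ssl_name        backend.example.com;

    # Restrict the protocol versions NGINX offers to the upstream.
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
}
```

Running `nginx -t` before a reload checks the syntax and that the referenced certificate and key files can be opened.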