proxy_ssl_trusted_certificate

The `proxy_ssl_trusted_certificate` directive specifies a file containing trusted CA certificates for validating SSL connections to proxied servers.

Syntax: `proxy_ssl_trusted_certificate file;`
Default: none
Context: http, server, location
Arguments: 1

Description

The proxy_ssl_trusted_certificate directive sets the path to a file that contains trusted Certificate Authority (CA) certificates. This matters when NGINX establishes a secure connection to upstream servers over SSL/TLS: NGINX acts as the TLS client, and the CA file is what lets it validate the authenticity of the upstream server's certificate. By specifying this directive, you enhance the security of your proxied connections by ensuring that they only communicate with trusted servers, which mitigates the risk of man-in-the-middle attacks.

When you configure this directive, NGINX will load the certificates specified in the file when initiating SSL connections to upstream servers. It's important that the file contains only PEM-encoded CA certificates. If the file is improperly formatted or does not contain the required certificates, NGINX may fail to establish SSL connections, resulting in errors in your application. This directive can be defined in the http, server, or location blocks, making it versatile for different scopes of your configuration.

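Keep in mind that after modifying the trusted certificates, you will need to reload your NGINX configuration to apply the changes. The directive has no default value, so it must be set explicitly for NGINX to have a CA set to validate proxied connections against. The file is only consulted when `proxy_ssl_verify` is set to `on`; that directive defaults to `off`, so setting `proxy_ssl_trusted_certificate` alone does not enable verification.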

Config Example

http {
    proxy_ssl_trusted_certificate /etc/nginx/certs/ca.crt;
}

Ensure that the certificate file exists and is in the correct format (PEM-encoded).

Be cautious when using this directive in high-traffic environments, as it adds overhead for SSL validations.

Make sure to reload or restart NGINX after updating the certificate file.
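
An added example, not from the original page or the NGINX project: the directive set on its own beside a configuration that actually verifies the upstream, using the standard `proxy_ssl_verify`, `proxy_ssl_verify_depth`, `proxy_ssl_server_name` and `proxy_ssl_name` directives. The upstream host `backend.internal.example`, the listen port and the location paths are assumptions.

```nginx
# Added example; host name, port and location paths are assumptions.
events {}

http {
    # CA bundle (PEM) used to check upstream certificates, as in the example above.
    proxy_ssl_trusted_certificate /etc/nginx/certs/ca.crt;

    server {
        listen 8080;

        # Weak: the CA file is configured, but proxy_ssl_verify defaults to
        # "off", so the upstream certificate is never checked against it.
        location /unverified/ {
            proxy_pass https://backend.internal.example/;
        }

        # Corrected: verification is switched on and bound to the expected name.
        location /verified/ {
            proxy_pass https://backend.internal.example/;

            # Reject upstream certificates that do not chain to ca.crt.
            proxy_ssl_verify       on;
            # Raise from the default of 1 when the chain includes an intermediate CA.
            proxy_ssl_verify_depth 2;
            # Send SNI so the upstream presents the certificate for this name.
            proxy_ssl_server_name  on;
            # Name the upstream certificate must match (defaults to $proxy_host).
            proxy_ssl_name         backend.internal.example;
        }
    }
}
```

Run `nginx -t` before reloading to confirm the configuration and the CA file load. With verification on, a failed check is recorded in the error log and the client receives a 502 response instead of proxied content.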
