
Exact Client public certificate authentication using Nginx

April 03, 2013 06:31AM
Hi,

I am relatively new to Nginx and below is what I need to achieve.

I have an Nginx proxy server with the following key and certificate.
->Nginx_server_private_key.pem
->Nginx_server_public_cert.cer (Signed by Verisign CA)

I have 3 clients who should be able to access the Nginx server based on their certificates. All their certificates are signed by Verisign CA.
Client 1 has the following key certificate pair
->Nginx_client1_private_key.pem
->Nginx_client1_public_cert.cer (Signed by Verisign CA)
Similarly client 2
->Nginx_client2_private_key.pem
->Nginx_client2_public_cert.cer (Signed by Verisign CA)
Similarly client 3
->Nginx_client3_private_key.pem
->Nginx_client3_public_cert.cer (Signed by Verisign CA)

The server and clients will exchange their public certificates for mutual authentication.

During the SSL handshake the Nginx server only validates the CA of the incoming public certificate and if the CA is trusted, it allows the connection. By this logic any certificate signed by the same Verisign CA will be able to access my application.

Question:
1. Can I configure Nginx to match the exact public certificate instead of verifying the signing CA?
2. Can I store the client's public certificates in a key store directory and configure Nginx to verify the incoming client certificates based on public certificates in that directory? In short, can I have a trust store or validation credential?

Any help/suggestion is greatly appreciated.
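One way to pin the three client certificates on top of the CA check described in the post, as an added example that is not part of the original thread: the CA verification stays on, and a `map` on `$ssl_client_fingerprint` rejects every CA-valid certificate that is not on the allow-list. It assumes nginx 1.7.1 or later (where `$ssl_client_fingerprint` exists), PEM-encoded certificate files, and placeholder paths, host name, upstream and fingerprint values.

```nginx
# Added example: file paths, server_name, the upstream address and the
# fingerprint strings are placeholders, not values from the thread.

# http{} context: translate the presented certificate's SHA-1 fingerprint
# into an allow/deny flag. Anything not listed falls through to "0".
map $ssl_client_fingerprint $client_cert_allowed {
    default 0;
    # Fingerprints as lowercase hex without colons (placeholders).
    "<sha1-of-Nginx_client1_public_cert>" 1;
    "<sha1-of-Nginx_client2_public_cert>" 1;
    "<sha1-of-Nginx_client3_public_cert>" 1;
}

server {
    listen 443 ssl;
    server_name proxy.example.com;                       # placeholder

    # Server identity (assumed to be PEM-encoded).
    ssl_certificate     /etc/nginx/tls/Nginx_server_public_cert.pem;
    ssl_certificate_key /etc/nginx/tls/Nginx_server_private_key.pem;

    # CA-only check: on its own, this accepts ANY certificate that chains
    # to the CA bundle below, which is the behaviour the post describes.
    ssl_client_certificate /etc/nginx/tls/client_ca_chain.pem;
    ssl_verify_client on;
    ssl_verify_depth 2;

    location / {
        # Pinning step: a certificate that passed chain validation is
        # still refused unless its fingerprint is on the allow-list.
        if ($client_cert_allowed = 0) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8080;                # placeholder upstream
    }
}
```

A fingerprint pin has to be updated whenever a client certificate is renewed, because the reissued certificate hashes to a different value.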
Subject | Author | Posted

Exact Client public certificate authentication using Nginx | Sekhar | April 03, 2013 06:31AM
Re: Exact Client public certificate authentication using Nginx | Maxim Dounin | April 03, 2013 06:54AM
Re: Exact Client public certificate authentication using Nginx | Sekhar | April 03, 2013 09:30AM
Re: Exact Client public certificate authentication using Nginx | Maxim Dounin | April 03, 2013 10:08AM


