

Exact Client public certificate authentication using Nginx

April 03, 2013 06:31AM

I am relatively new to Nginx and below is what I need to achieve.

I have an Nginx proxy server with the following key and certificate.
->Nginx_server_public_cert.cer(Signed By Verisign CA)

I have 3 clients who should be able to access the Nginx server based on their certificates. All their certificates are signed by the Verisign CA.
Client 1 has the following key certificate pair
->Nginx_client1_public_cert.cer (Signed By Verisign CA)
Similarly client 2
->Nginx_client2_public_cert.cer (Signed by Verisign CA)
Similarly client 3
->Nginx_client3_public_cert.cer (Signed by Verisign CA)

The server and clients will exchange their public certificates for mutual authentication.

During the SSL handshake the Nginx server only validates the CA of the incoming public certificate and if the CA is trusted, it allows the connection. By this logic any certificate signed by the same Verisign CA will be able to access my application.

1. Can I configure Nginx to match the exact public certificate instead of verifying the signing CA?
2. Can I store the clients' public certificates in a key store directory and configure Nginx to verify the incoming client certificates based on the public certificates in that directory? In short, can I have a trust store or validation credential?

Any help/suggestion is greatly appreciated.
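
One way to restrict access to specific client certificates rather than to any certificate issued by the same CA, as an added example that is not part of the original thread: keep the CA chain check and add an allowlist keyed on nginx's `$ssl_client_fingerprint` variable (available in nginx 1.7.1 and later). All file paths, the server name, the upstream address, the verify depth and the fingerprint placeholders are assumptions.

```nginx
# Added example, not configuration from the thread. Paths, names, the
# upstream address and the fingerprint values are placeholders.

# Allowlist keyed on the SHA-1 fingerprint of the presented client certificate.
# nginx exposes it as lowercase hex without colons. To compute each value
# (add "-inform DER" if the .cer file is DER-encoded rather than PEM):
#   openssl x509 -in Nginx_client1_public_cert.cer -noout -fingerprint -sha1
# then strip the colons and lowercase the result.
map $ssl_client_fingerprint $client_cert_allowed {
    default 0;   # any other certificate from the same CA is rejected
    "<sha1-fingerprint-of-Nginx_client1_public_cert>" 1;
    "<sha1-fingerprint-of-Nginx_client2_public_cert>" 1;
    "<sha1-fingerprint-of-Nginx_client3_public_cert>" 1;
}

server {
    listen 443 ssl;
    server_name proxy.example.com;                        # placeholder

    # Server certificate and key, converted to PEM (placeholder paths).
    ssl_certificate     /etc/nginx/tls/Nginx_server_public_cert.pem;
    ssl_certificate_key /etc/nginx/tls/Nginx_server_private.key;

    # Step 1: the CA-only check described in the post. On its own this
    # accepts every certificate that chains to the CA in this file.
    ssl_client_certificate /etc/nginx/tls/client_ca_chain.pem;
    ssl_verify_client      on;
    ssl_verify_depth       2;   # assumption: one intermediate CA in the chain

    location / {
        # Step 2: exact-certificate check. A certificate that passed chain
        # validation but is not in the allowlist gets 403.
        if ($client_cert_allowed = 0) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8080;                 # placeholder upstream
    }
}
```

The allowlist has to be updated whenever a client certificate is renewed or replaced, because the fingerprint changes with the certificate.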
Subject | Author | Posted
Exact Client public certificate authentication using Nginx | Sekhar | April 03, 2013 06:31AM
Re: Exact Client public certificate authentication using Nginx | Maxim Dounin | April 03, 2013 06:54AM
Re: Exact Client public certificate authentication using Nginx | Sekhar | April 03, 2013 09:30AM
Re: Exact Client public certificate authentication using Nginx | Maxim Dounin | April 03, 2013 10:08AM
