Hi,
I am relatively new to Nginx and below is what I need to achieve.
I have an Nginx proxy server with the following key and certificate.
->Nginx_server_private_key.pem
->Nginx_server_public_cert.cer (Signed By Verisign CA)
I have 3 clients who should be able to access the Nginx server based on their certificates. All their certificates are signed by Verisign CA.
Client 1 has the following key certificate pair
->Nginx_client1_private_key.pem
->Nginx_client1_public_cert.cer (Signed By Verisign CA)
Similarly client 2
->Nginx_client2_private_key.pem
->Nginx_client2_public_cert.cer (Signed by Verisign CA)
Similarly client 3
->Nginx_client3_private_key.pem
->Nginx_client3_public_cert.cer (Signed by Verisign CA)
The server and clients will exchange their public certificates for mutual authentication.
During SSL handshake the Nginx server only validates the CA of the incoming public certificate and if the CA is trusted, it allows the connection. By this logic any certificate signed by the same Verisign CA will be able to access my application.
Question:
1. Can I configure Nginx to match the exact public certificate instead of verifying the signing CA?
2. Can I store the clients' public certificates in a key store directory and configure Nginx to verify the incoming client certificates based on public certificates in that directory? In short, can I have a trust store or validation credential?
Any help/suggestion is greatly appreciated.
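
An added example, not part of the original post: one way to keep the CA check described above and additionally allow only three specific client certificates, by matching Nginx's `$ssl_client_fingerprint` variable against a pinned list. The file paths, the `X-Client-Id` header, the upstream address and the fingerprint placeholders are assumptions for illustration.

```nginx
# Added example: CA validation plus per-certificate pinning.
# Paths, header name, upstream and fingerprints are placeholders.
http {
    # $ssl_client_fingerprint holds the SHA-1 fingerprint of the client
    # certificate presented in the handshake (lowercase hex, no colons).
    # Known certificates map to a client name, everything else to "".
    map $ssl_client_fingerprint $pinned_client {
        default "";
        "<sha1-fingerprint-of-Nginx_client1_public_cert>" client1;
        "<sha1-fingerprint-of-Nginx_client2_public_cert>" client2;
        "<sha1-fingerprint-of-Nginx_client3_public_cert>" client3;
    }

    server {
        listen 443 ssl;

        # Server identity (nginx expects PEM-encoded files here).
        ssl_certificate     /etc/nginx/tls/Nginx_server_public_cert.pem;
        ssl_certificate_key /etc/nginx/tls/Nginx_server_private_key.pem;

        # Step 1: the handshake still requires a client certificate that
        # chains to the trusted CA. This alone admits ANY certificate
        # issued by that CA, which is the gap the post describes.
        ssl_client_certificate /etc/nginx/tls/client_ca_chain.pem;
        ssl_verify_client on;
        ssl_verify_depth 2;

        # Step 2: reject certificates that are valid but not pinned.
        if ($pinned_client = "") {
            return 403;
        }

        location / {
            # Pass the matched identity to the application (hypothetical header).
            proxy_set_header X-Client-Id $pinned_client;
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

Each fingerprint can be read from the client's certificate with `openssl x509 -noout -fingerprint -sha1 -in <cert>`, then lowercased with the colons removed. A renewed client certificate has a new fingerprint, so the map has to be updated whenever a client rotates its certificate.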