On Fri, May 18, 2018 at 12:59:32PM +0200, Marcello Lorenzi wrote:

Hi there,

> we're trying to configure a client certificate authentication on a Nginx
> 1.12.2 instance on our development environment, and all works fine. We
> would filter the access to a specific site with some particular client
> certificate to avoid that other certificates trusted by the same CA can
> access to this endpoint. Is it possible to configure it?

http://nginx.org/r/ssl_verify_client

The variable $ssl_client_verify can tell you that the certificate is valid
(signed by a trusted CA, and in date). The variable $ssl_client_cert
and friends like $ssl_client_s_dn tell you the certificate contents.

If you have the list of which certificates to allow, or which to reject,
then you can use a "map" to set a reject-variable, and if that variable
is true, deny access.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx