Welcome! Log In Create A New Profile

Advanced

Re: Nginx can’t proxy client certificate authentication

March 16, 2019 02:30PM
Hi Francis

I solved this problem maybe not elegantly but it works.

1) Client certificate authentication is set on the nginx side and not on haproxy

ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer;

2) Authentication is optional and not required

ssl_verify_client optional;

3 ) In locations that require a certificate (/ polishapi and / identityserver), it is verified if the authentication was successful client's certificate, if not, error 403 is returned - access denied

if ($ssl_client_verify != SUCCESS) {
return 403;
}

I tested on IE 11, FF 65 and Chrome 72 the behavior was correct.


Good luck,
M.W.
Subject Author Posted

Nginx can’t proxy client certificate authentication

WoMa March 15, 2019 08:42AM

Re: Nginx can’t proxy client certificate authentication

Francis Daly March 16, 2019 06:10AM

Re: Nginx can’t proxy client certificate authentication

WoMa March 16, 2019 02:30PM

Re: Nginx can’t proxy client certificate authentication

Francis Daly March 17, 2019 01:36PM

Re: Nginx can’t proxy client certificate authentication

WoMa March 18, 2019 04:31AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 107
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready