Custom certificate checks

Vinaya Kumar B
August 22, 2019 08:42AM
Hello,

I have a question relating to HTTPS support configuration
http://nginx.org/en/docs/http/configuring_https_servers.html in nginx.
With the configuration below I was able to achieve mutual TLS between client
and server applications.



*File*: /etc/nginx/conf.d/default.conf



upstream backend {
    server localhost:8180 weight=1;
}

server {
    listen 8280 ssl;
    ssl_protocols TLSv1.2;

    ssl_certificate /home/ssl/server.crt;
    ssl_certificate_key /home/ssl/server.key;

    ssl_verify_client on;
    ssl_client_certificate /home/ssl/ca.pem;

    location / {
        proxy_pass http://backend;
    }

    server_name localhost;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}



In addition to mutual TLS, I want to perform further custom certificate
checks (e.g. validate a MAC address embedded in the client certificate). How
can I achieve this use case with nginx? Does nginx support a synthetic
header which has TLS session info detail (containing peer certificates)
that can be used by the proxy’d server to perform necessary custom checks?
Or, is there a way to plug some custom code into the nginx https module to
perform any additional checks? Thanks in advance!



Kind regards,

Vinaya
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
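
The check asked about above can be done in the proxied server if nginx forwards the verified certificate's subject in a request header. The following is an added example, not part of the original post and not nginx project code: the header names, the convention of carrying the MAC address in the subject's serialNumber attribute, and the sample values are assumptions, and it relies on the backend being reachable only through nginx.

```python
import re

# Assumed nginx side, added to the "location /" block (standard variables,
# hypothetical header names; proxy_set_header replaces any value sent by the client):
#   proxy_set_header X-Client-Verify $ssl_client_verify;
#   proxy_set_header X-Client-DN     $ssl_client_s_dn;

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def parse_dn(dn):
    """Parse an RFC 2253 style DN ("CN=a,O=b") into a dict, or None if malformed.
    Backslash-escaped characters stay inside the value; duplicate attributes are
    rejected. Simplification: hex-pair escapes are not decoded."""
    attrs, key, buf, esc = {}, None, [], False
    for ch in dn + ",":
        if esc:
            buf.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == "=" and key is None:
            key, buf = "".join(buf).strip().upper(), []
        elif ch in ",+":
            if key is None or key in attrs:
                return None  # missing "=" or duplicated attribute
            attrs[key] = "".join(buf)
            key, buf = None, []
        else:
            buf.append(ch)
    return attrs if key is None and not buf else None

def check_client(headers, allowed_macs):
    """Return the normalised MAC if the forwarded certificate passes, else None."""
    if headers.get("X-Client-Verify") != "SUCCESS":
        return None  # nginx did not verify the certificate chain
    attrs = parse_dn(headers.get("X-Client-DN", ""))
    mac = (attrs or {}).get("SERIALNUMBER", "")
    if not MAC_RE.fullmatch(mac):
        return None
    mac = mac.replace("-", ":").lower()
    return mac if mac in allowed_macs else None

# Constructed sample input (not taken from the post).
ALLOWED = {"aa:bb:cc:00:11:22"}
SAMPLE_HEADERS = {"X-Client-Verify": "SUCCESS",
                  "X-Client-DN": "CN=dev1,serialNumber=AA:BB:CC:00:11:22,O=Example"}

if __name__ == "__main__":
    print(check_client(SAMPLE_HEADERS, ALLOWED))
```

The escape handling matters because a subject value may itself contain an escaped comma followed by text that looks like another attribute; splitting the DN on commas would accept it.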