Exact Client public certificate authentication using Nginx

Sekhar nginx-forum at nginx.us
Wed Apr 3 10:31:49 UTC 2013


Hi,

I am relatively new to Nginx and below is what I need to achieve.

I have an Nginx proxy server with the following key and certificate.
	->Nginx_server_private_key.pem
	->Nginx_server_public_cert.cer(Signed By Verisign CA)
	
I have 3 clients who should be able to access the Nginx server based on
their certificates. All their certificates are signed by verisign CA.
Client 1 has following key certificate pair
	->Nginx_client1_private_key.pem
	->Nginx_client1_public_cert.cer (Signed By verisign CA)
Similarly client 2
	->Nginx_client2_private_key.pem
	->Nginx_client2_public_cert.cer (Signed by Verisign CA)
Similarly client 3
	->Nginx_client3_private_key.pem
	->Nginx_client3_public_cert.cer (Signed by Verisign CA)
	
The server and clients will exchange their public certificates for mutual
authentication.

During SSL handshake the Nginx server only validates the CA of the incoming
public certificate and if the CA is trusted, it allows the connection. By
this logic any certificate signed by the same verisign CA will be able to
access my application.

Question:
1. Can I configure Nginx to match the exact public certificate instead of
verifying the signing CA? 
2. Can I store the client's public certificates in a key store directory and
configure Nginx to verify the incoming client certificates based on public
certificates in that directory. In short, can I have a trust store or
validation credential?

Any help/suggestion is greatly appreciated.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,238050,238050#msg-238050
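
An added example, not part of the original post: one way to restrict access to specific client certificates on top of CA validation is to allowlist their fingerprints with the `$ssl_client_fingerprint` variable (available in nginx 1.7.1 and later). The CA bundle file name, the backend address and the fingerprint values are placeholders assumed for illustration; the server key and certificate names are the ones from the post.

```nginx
# Added example (not from the original post). Fingerprints are placeholders.
events {}

http {
    # $ssl_client_fingerprint is the SHA-1 fingerprint of the presented client
    # certificate, as lowercase hex without colons. Obtain it per client with
    #   openssl x509 -noout -fingerprint -sha1 -in Nginx_client1_public_cert.cer
    # then strip the colons and lowercase the result.
    map $ssl_client_fingerprint $client_cert_allowed {
        default 0;   # any other certificate, even if signed by the same CA
        "<sha1-fingerprint-of-client1-cert>" 1;   # placeholder
        "<sha1-fingerprint-of-client2-cert>" 1;   # placeholder
        "<sha1-fingerprint-of-client3-cert>" 1;   # placeholder
    }

    server {
        listen 443 ssl;

        # Server identity (file names from the post; nginx expects PEM format).
        ssl_certificate     Nginx_server_public_cert.cer;
        ssl_certificate_key Nginx_server_private_key.pem;

        # Step 1: chain validation. Rejects certificates not issued by the CA.
        # ca_chain.pem is a hypothetical bundle holding the issuing CA certs.
        ssl_client_certificate ca_chain.pem;
        ssl_verify_client      on;
        ssl_verify_depth       2;   # assumption: one intermediate CA in the chain

        # Step 2: exact-certificate check. A valid chain alone is not enough.
        if ($client_cert_allowed = 0) {
            return 403;
        }

        location / {
            proxy_pass http://127.0.0.1:8080;   # hypothetical backend
            # Pass the verified identity on for logging at the application.
            proxy_set_header X-Client-Cert-Fingerprint $ssl_client_fingerprint;
            proxy_set_header X-Client-Cert-Subject     $ssl_client_s_dn;
        }
    }
}
```

A fingerprint identifies one certificate, so the map needs a new entry whenever a client renews or replaces its certificate.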


