Validate Client certificate SDN fields (CN, OU, O, etc..) at Nginx
Francis Daly
francis at daoine.org
Thu Nov 27 08:10:07 UTC 2014
On Wed, Nov 26, 2014 at 11:24:45AM -0500, sandeepkolla99 wrote:
Hi there,
> I'm able to verify client certificate successfully. Now, additionally I want
> perform the following three validations on client certificate
You have $ssl_client_s_dn.
If you want to stay purely in nginx.conf, can you use "map" or another
regex match to extract the parts that you want into whatever variables
you want?
If you intend to use some backend processor (proxy_pass, fastcgi_pass),
then potentially you could send the variables or the certificate there
for validation.
Of you could use one of the embedded languages to access the same
variables.
I am not aware that stock nginx auto-creates extra variables beyond those
which are in the documentation -- if you want more, you do it yourself.
> I'm trying to find the nginx configuration statements to implement these
> validations. Please let me know if I need to elaborate this further.
Use "if" to compare (bits of) $ssl_client_s_dn with the thing you want,
and act accordingly.
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list