Nginx filter client authentication
francis at daoine.org
Fri May 18 16:41:32 UTC 2018
On Fri, May 18, 2018 at 12:59:32PM +0200, Marcello Lorenzi wrote:
> we're trying to configure a client certificate authentication on a Nginx
> 1.12.2 instance on our development environment, and all works fine. We
> would filter the access to a specific site with some particular client
> certificate to avoid that other certificates trusted by the same CA can
> access to this endpoint. Is it possible to configure it?
The variable $ssl_client_verify can tell you that the certificate is valid
(signed by a trusted CA, and in date). The variable $ssl_client_cert
and friends like $ssl_client_s_dn tell you the certificate contents.
If you have the list of which certificates to allow, or which to reject,
then you can use a "map" to set a reject-variable, and if that variable
is true, deny access.
Francis Daly francis at daoine.org
More information about the nginx