Custom certificate checks

Vinaya Kumar B vinaya2008067 at gmail.com
Thu Aug 22 12:40:01 UTC 2019


Hello,



I have a question relating to HTTPS support configuration
<http://nginx.org/en/docs/http/configuring_https_servers.html> in nginx.
With the below configuration I was able to achieve mutual TLS between client
and server applications.



*File*: /etc/nginx/conf.d/default.conf

upstream backend {
    server localhost:8180      weight=1;
}

server {
    listen 8280 ssl;
    ssl_protocols TLSv1.2;

    ssl_certificate /home/ssl/server.crt;
    ssl_certificate_key /home/ssl/server.key;

    ssl_verify_client on;
    ssl_client_certificate /home/ssl/ca.pem;

    location / {
        proxy_pass http://backend;
    }

    server_name  localhost;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}



In addition to mutual TLS, I want to perform further custom certificate
checks (e.g. validate a MAC address embedded in the client certificate). How
can I achieve this use case with nginx? Does nginx support a synthetic
header which has TLS session info detail (containing peer certificates)
that can be used by the proxy’d server to perform necessary custom checks?
Or, is there a way to plug some custom code into the nginx https module to
perform any additional checks? Thanks in advance!



Kind regards,

Vinaya
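
An added example, not part of the original message: one way to cover both options asked about above using stock nginx variables from the ssl module. It assumes the MAC address is carried in the certificate's subject CN; the `X-Client-*` header names, the `$client_mac_ok` variable and the MAC value are constructed for illustration.

```nginx
# Added example (not from the original message).
# Assumption: the MAC address is stored in the subject CN of the client cert.
# The map block goes at http{} level, e.g. at the top of conf.d/default.conf.
map $ssl_client_s_dn $client_mac_ok {
    default 0;
    # Constructed sample value. $ssl_client_s_dn is an RFC 2253 string
    # such as "CN=00:1A:2B:3C:4D:5E,O=Example"; "~*" matches case-insensitively.
    "~*(^|,)CN=00:1A:2B:3C:4D:5E(,|$)" 1;
}

server {
    listen 8280 ssl;
    ssl_protocols TLSv1.2;

    ssl_certificate     /home/ssl/server.crt;
    ssl_certificate_key /home/ssl/server.key;

    # Chain validation against ca.pem still happens first, as in the message.
    ssl_verify_client      on;
    ssl_client_certificate /home/ssl/ca.pem;

    location / {
        # Option 1: reject in nginx when the custom check fails.
        if ($client_mac_ok = 0) {
            return 403;
        }

        # Option 2: hand the verified peer certificate to the backend.
        # proxy_set_header replaces any same-named header sent by the client.
        proxy_set_header X-Client-Verify $ssl_client_verify;       # SUCCESS, FAILED:reason or NONE
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_set_header X-Client-Cert   $ssl_client_escaped_cert; # URL-encoded PEM, nginx >= 1.13.5

        # "backend" is the upstream defined in the message's configuration.
        proxy_pass http://backend;
    }
}
```

The backend can trust these headers only if nginx is the sole path to it: anything able to connect to localhost:8180 directly can set them to arbitrary values.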