ProxySSL with client certificate - error redirection problem
adileso
nginx-forum at nginx.us
Mon Sep 21 16:46:03 MSD 2009
Hi all,
I have published an internal web site with HTTPS and set the ssl_verify_client on. I need some fields from the client certificate to send them to the back-end web server, so I can correctly access a specific database.
It's working but I also need to redirect the client to a second internal website in case his certificate is missing or is invalid.
I have tried to capture the error page that I've got in the browser (when I don't send a client certificate) and put a redirect link in that error page. The second website will generate the client certificates based on a user and password.
I am trying to avoid to give 2 separate links to the client (one for the client certificate generation and one for database access)
Any suggestions? I've tried also to do this with apache ssl_error_module with no luck.
Thanks in advance.
server {
listen 8443;
ssl on;
ssl_certificate /etc/httpd/ssl/proxy-ssl.cer;
ssl_certificate_key /etc/httpd/ssl/server.key;
ssl_client_certificate /etc/httpd/ssl/ca-bundle.crt;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
ssl_verify_client on;
ssl_verify_depth 5;
error_page 400 /400.html;
location /400.html {
root /usr/share/nginx/html;
}
access_log /var/log/nginx/proxy.access.log main;
error_log /var/log/nginx/proxy.error.log debug;
location / {
proxy_pass http://10.20.0.15:80; proxy_buffering on;
proxy_set_header Subject $ssl_client_s_dn;
proxy_set_header Issuer $ssl_client_i_dn;
proxy_set_header SerialNumber $ssl_client_serial;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 15;
proxy_intercept_errors on;
}
}
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,8120,8120#msg-8120
More information about the nginx
mailing list