Proxy pass certificate autentificate TO MS IIS
agrisv
nginx-forum at nginx.us
Sun Oct 25 15:44:02 UTC 2015
Nginx 1.9.5 (linux Centos7)--> MS IIS 8.5
So i try to use nginx as client revers proxy for IIS where need client
certificate authentication at IIS level.
nginx:443->>IIS:443+client certificate authentications.
example location proxy pass
also here are commented commands which i try.
location ^~ /test/ {
#proxy_buffering off;
#proxy_http_version 1.0;
#proxy_request_buffering off;
#proxy_set_header Connection "Keep-Alive";
#proxy_set_header X-SSL-CERT $ssl_client_cert;
# proxy_ssl_name domain.lv;
#proxy_ssl_trusted_certificate /etc/nginx/ssl/root/CA.pem;
#proxy_ssl_verify_depth 2;
proxy_set_header HOST domain.com;
proxy_ssl_certificate /etc/nginx/ssl/test.pem;
proxy_ssl_certificate_key /etc/nginx/ssl/test_key.pem;
proxy_ssl_verify off;
proxy_pass https://10.2.4.101/;
}
At IIS simple.
1. create new website.
2. import CA cert in trusted root.
3. set ssl cert required.
Test what i get :
1. Directly browser to IIS client cert required--worked.
2. Nginx to other nginx client cert required--worked.
3. Nginx to IIS client cert ignore--worked
4. Nginx to IIS client cert required or accept - NOT work
ERROR:
Nginx side:
*4622 upstream timed out (110: Connection timed out) while reading
response header from upstream
*4622 access forbidden by rule, client: 10.2.6.1
IIS side:
500 0 64 119971
So i hope someone could know why?
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,262442,262442#msg-262442
More information about the nginx
mailing list