Proxy pass certificate authentication to MS IIS

agrisv nginx-forum at nginx.us
Sun Oct 25 15:44:02 UTC 2015


Nginx 1.9.5 (Linux CentOS 7) --> MS IIS 8.5
I am trying to use nginx as a client reverse proxy for IIS, where client
certificate authentication is needed at the IIS level.
nginx:443 ->> IIS:443 + client certificate authentication.

Example proxy pass location.
Also here are the commented-out commands which I tried.
location ^~ /test/ {
    #proxy_buffering off;
    #proxy_http_version 1.0;
    #proxy_request_buffering off;
    #proxy_set_header Connection "Keep-Alive";
    #proxy_set_header X-SSL-CERT $ssl_client_cert;
    #proxy_ssl_name domain.lv;
    #proxy_ssl_trusted_certificate /etc/nginx/ssl/root/CA.pem;
    #proxy_ssl_verify_depth 2;

    proxy_set_header HOST domain.com;
    proxy_ssl_certificate /etc/nginx/ssl/test.pem;
    proxy_ssl_certificate_key /etc/nginx/ssl/test_key.pem;
    proxy_ssl_verify off;
    proxy_pass https://10.2.4.101/;
}

On the IIS side it is simple:
1. Create a new website.
2. Import the CA cert into the trusted root.
3. Set SSL cert required.

Test results I get:
1. Browser directly to IIS, client cert required -- worked.
2. Nginx to another nginx, client cert required -- worked.
3. Nginx to IIS, client cert ignore -- worked.
4. Nginx to IIS, client cert required or accept -- does NOT work.



ERROR:
Nginx side:
  *4622 upstream timed out (110: Connection timed out) while reading
response header from upstream
  *4622 access forbidden by rule, client: 10.2.6.1
IIS side:
  500 0 64 119971 

So I hope someone knows why?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,262442,262442#msg-262442
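
Added example, not part of the original post or the poster's configuration: the location above sets proxy_ssl_verify off, so nginx presents its client certificate without authenticating the upstream it is talking to. The variant below turns upstream verification on using the directives the post has commented out. It assumes that /etc/nginx/ssl/root/CA.pem contains the CA chain that issued the IIS server certificate and that this certificate is issued for domain.com.

```nginx
location ^~ /test/ {
    proxy_set_header Host domain.com;

    # Client certificate and key that nginx presents to IIS (paths from the post).
    proxy_ssl_certificate     /etc/nginx/ssl/test.pem;
    proxy_ssl_certificate_key /etc/nginx/ssl/test_key.pem;

    # Authenticate the upstream. With "off", nginx accepts whatever
    # certificate the host at 10.2.4.101:443 presents.
    proxy_ssl_verify              on;
    proxy_ssl_verify_depth        2;
    # Assumption: this file holds the CA chain of the IIS server certificate.
    proxy_ssl_trusted_certificate /etc/nginx/ssl/root/CA.pem;

    # proxy_pass targets an IP address, so name the host to verify the
    # certificate against and send the same name as SNI.
    # Assumption: the IIS certificate is issued for domain.com.
    proxy_ssl_name        domain.com;
    proxy_ssl_server_name on;

    proxy_pass https://10.2.4.101/;
}
```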


