question about client certs

Alex Samad alex at samad.com.au
Tue Feb 2 22:22:14 UTC 2016


Yep I think thats what i was asking.

We have a home grown RP at work that does it and IIS used to do it,
apply cert requirements on part of the tree.



On 2 February 2016 at 20:56, Aleksandar Lazic <al-nginx at none.at> wrote:
> Dear Alex.
>
> Am 02-02-2016 04:32, schrieb Alex Samad:
>>
>> Hi
>>
>> Is it possible with nginx to do this
>>
>> https://www.abc.com
>> /
>> /noclientcert/
>> /clientcert/
>>
>>
>> so you can get to / with no client cert, but /clientcert/ you need a
>> cert, but for /noclientcert/ you don't need a cert.
>>
>> Looks like from the config doco you can only set it for the whole tree ...
>
>
> I would try to use this directives
>
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client
> http://nginx.org/en/docs/http/ngx_http_map_module.html
>
> and in a map make something like this.
>
> map $ssl_client_cert $clientcert {
>   default "";
>   "~.*CLIENT_CERT_CHECK" clientcert;
> }
>
> and
>
> location $clientcert {
> }
>
> location no$clientcert {
> }
>
> is this possible ;-)?
>
> BR Aleks



More information about the nginx mailing list