question about client certs
Aleksandar Lazic
al-nginx at none.at
Wed Feb 3 08:37:25 UTC 2016
Am 02-02-2016 23:22, schrieb Alex Samad:
> Yep I think thats what i was asking.
Cool it would be nice if you can tell us if it's works and how was your
solution ;-)
BR Aleks
> We have a home grown RP at work that does it and IIS used to do it,
> apply cert requirements on part of the tree.
>
> On 2 February 2016 at 20:56, Aleksandar Lazic <al-nginx at none.at> wrote:
>> Dear Alex.
>>
>> Am 02-02-2016 04:32, schrieb Alex Samad:
>>>
>>> Hi
>>>
>>> Is it possible with nginx to do this
>>>
>>> https://www.abc.com
>>> /
>>> /noclientcert/
>>> /clientcert/
>>>
>>>
>>> so you can get to / with no client cert, but /clientcert/ you need a
>>> cert, but for /noclientcert/ you don't need a cert.
>>>
>>> Looks like from the config doco you can only set it for the whole
>>> tree ...
>>
>>
>> I would try to use this directives
>>
>> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client
>> http://nginx.org/en/docs/http/ngx_http_map_module.html
>>
>> and in a map make something like this.
>>
>> map $ssl_client_cert $clientcert {
>> default "";
>> "~.*CLIENT_CERT_CHECK" clientcert;
>> }
>>
>> and
>>
>> location $clientcert {
>> }
>>
>> location no$clientcert {
>> }
>>
>> is this possible ;-)?
>>
>> BR Aleks
More information about the nginx
mailing list