question about client certs

Aleksandar Lazic al-nginx at none.at
Wed Feb 3 08:37:25 UTC 2016



On 02-02-2016 23:22, Alex Samad wrote:
> Yep, I think that's what I was asking.

Cool, it would be nice if you can tell us if it works and what your
solution was ;-)

BR Aleks

> We have a home grown RP at work that does it and IIS used to do it,
> apply cert requirements on part of the tree.
> 
> On 2 February 2016 at 20:56, Aleksandar Lazic <al-nginx at none.at> wrote:
>> Dear Alex.
>> 
>> On 02-02-2016 04:32, Alex Samad wrote:
>>> 
>>> Hi
>>> 
>>> Is it possible with nginx to do this
>>> 
>>> https://www.abc.com
>>> /
>>> /noclientcert/
>>> /clientcert/
>>> 
>>> 
>>> so you can get to / with no client cert, but /clientcert/ you need a
>>> cert, but for /noclientcert/ you don't need a cert.
>>> 
>>> Looks like from the config doco you can only set it for the whole 
>>> tree ...
>> 
>> 
>> I would try to use these directives
>> 
>> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client
>> http://nginx.org/en/docs/http/ngx_http_map_module.html
>> 
>> and in a map make something like this.
>> 
>> map $ssl_client_cert $clientcert {
>>   default "";
>>   "~.*CLIENT_CERT_CHECK" clientcert;
>> }
>> 
>> and
>> 
>> location $clientcert {
>> }
>> 
>> location no$clientcert {
>> }
>> 
>> is this possible ;-)?
>> 
>> BR Aleks
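An added example, not part of the original thread and not from the nginx project: one commonly used way to require a client certificate on only part of the tree. `ssl_verify_client` is accepted only in `http` and `server` context, so the certificate is requested as optional for the whole server and the result is enforced per location. The host name and the three paths follow the question; the file paths are placeholders.

```nginx
server {
    listen      443 ssl;
    server_name www.abc.com;

    # Placeholder paths (assumptions, not from the thread).
    ssl_certificate        /etc/nginx/tls/server.crt;
    ssl_certificate_key    /etc/nginx/tls/server.key;

    # CA that issued the client certificates (placeholder path).
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;

    # Request a client certificate during the handshake, but let the
    # handshake complete when the client sends none. A certificate that
    # is sent and fails verification is still rejected for every
    # location, not only /clientcert/.
    ssl_verify_client      optional;

    root /var/www/abc;    # placeholder document root

    # No certificate needed.
    location / {
    }

    # No certificate needed.
    location /noclientcert/ {
    }

    # Certificate required: $ssl_client_verify is SUCCESS only when a
    # certificate was presented and chained to ssl_client_certificate.
    # It is NONE when no certificate was sent.
    location /clientcert/ {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
    }
}
```

Check the result with `nginx -t`, then request `/clientcert/` once without a certificate (expect 403) and once with a certificate issued by the configured CA.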


