Client certificates and check for DN?
rainer at ultra-secure.de
Wed Feb 28 16:04:06 UTC 2018
On 2018-02-28 16:41, Igor A. Ippolitov wrote:
> Hello.
>
> I'm not sure what you really need, but it looks like you can
> get almost the same result using a combination of map{} blocks and
> conditionals.
>
> Something like this:
>
> map $ssl_client_s_dn $ou_matched {
> ~OU=whatever 1;
> default 0;
> }
> map $ssl_client_s_dn $cn_matched {
> ~CN=whatever 1;
> default 0;
> }
> # 1 if either of the two checks above did not match
> map $ou_matched$cn_matched $unauthed {
> ~0 1;
> default 0;
> }
> server {
> ....
> ssl_trusted_certificate path/to/public/certs;
> ssl_verify_client on;
> if ($unauthed) {return 403;}
> }
OK, thanks a lot.
I'll look into it.
Currently, the exact details are still a bit murky.
Customer was very vague...
I'll know more Friday next week.
Regards,
Rainer
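
The map logic from the quoted reply, replayed over sample DNs so the patterns can be checked before they go into a server block. This is an added example, not part of the original thread: the sample DNs are constructed, the anchored patterns are this example's own suggestion, and it assumes the comma-separated RFC 2253 form that $ssl_client_s_dn uses since nginx 1.11.6.

```python
import re

# nginx "~" map keys are case-sensitive, unanchored regex searches;
# re.search() mirrors that for these simple patterns.
LOOSE_OU = re.compile(r"OU=whatever")
LOOSE_CN = re.compile(r"CN=whatever")

# Anchored variants (an assumption of this example, not from the thread):
# the attribute must start the DN or follow an unescaped comma, and its
# value must end at a comma or at the end of the string.
STRICT_OU = re.compile(r"(?:^|(?<!\\),)OU=whatever(?:,|$)")
STRICT_CN = re.compile(r"(?:^|(?<!\\),)CN=whatever(?:,|$)")


def unauthed(dn, ou_re, cn_re):
    """Replicate the three map blocks: 1 means 'return 403'."""
    ou_matched = "1" if ou_re.search(dn) else "0"
    cn_matched = "1" if cn_re.search(dn) else "0"
    # Third map: the key "~0" is searched in "$ou_matched$cn_matched".
    return 1 if "0" in ou_matched + cn_matched else 0


# Constructed subject DNs (not taken from the thread).
SAMPLES = [
    "CN=whatever,OU=whatever,O=Example",        # the intended client
    "CN=whatever,OU=other,O=Example",           # wrong OU
    "CN=whatever-test,OU=whatever2,O=Example",  # values only start with the string
    r"CN=x\,OU=whatever\,CN=whatever,OU=other,O=Example",  # escaped commas inside CN
]


def evaluate(samples):
    """Return (loose_result, strict_result) for each DN."""
    return [
        (unauthed(dn, LOOSE_OU, LOOSE_CN), unauthed(dn, STRICT_OU, STRICT_CN))
        for dn in samples
    ]


if __name__ == "__main__":
    for dn, (loose, strict) in zip(SAMPLES, evaluate(SAMPLES)):
        print(f"loose={loose} strict={strict}  {dn}")
```

The last two samples pass the unanchored patterns but are rejected by the anchored ones, which is the case to test for when the trusted CA can issue certificates with other OU or CN values.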