SSL Client Certificate Validation
dhallam
nginx-forum at forum.nginx.org
Tue Mar 27 12:37:11 UTC 2018
Hi,
I'm running nginx version: nginx/1.11.5 (nginx-plus-r11). I am trying to
connect a tcp client (with client cert) over SSL to nginx, where the SSL
will be validated and terminated, and then onto the upsteam server in the
clear.
I have the following configuration:
stream {
upstream upstream_servers {
server localhost:80;
}
server {
listen 192.168.0.30:443 ssl;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/ssl/client.crt;
ssl_verify_client on;
ssl_ciphers
ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_verify_depth 2;
proxy_pass upstream_servers;
}
}
However, I get a '2018/03/27 12:14:35 [emerg] 18325#18325:
"ssl_client_certificate" directive is not allowed here in
/etc/nginx/conf.d/my-listener.conf:11' error when I try to start the
server.
According to
http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_client_certificate,
this seems to be a valid configuration directive.
Would anyone be able to help identify what it is that I am missing?
Many thanks,
Dave
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279204,279204#msg-279204
More information about the nginx
mailing list