Re: Nginx can’t proxy client certificate authentication
WoMa
nginx-forum at forum.nginx.org
Sat Mar 16 18:30:16 UTC 2019
Hi Francis
I solved this problem maybe not elegantly but it works.
1) Client certificate authentication is set on the nginx side and not on
haproxy
ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer;
2) Authentication is optional and not required
ssl_verify_client optional;
3 ) In locations that require a certificate (/ polishapi and /
identityserver), it is verified if the authentication was successful
client's certificate, if not, error 403 is returned - access denied
if ($ssl_client_verify != SUCCESS) {
return 403;
}
I tested on IE 11, FF 65 and Chrome 72 the behavior was correct.
Good luck,
M.W.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,283393,283401#msg-283401
More information about the nginx
mailing list