Re: Nginx can’t proxy client certificate authentication

WoMa nginx-forum at forum.nginx.org
Sat Mar 16 18:30:16 UTC 2019


Hi Francis

I solved this problem maybe not elegantly but it works.

1) Client certificate authentication is set on the nginx side and not on
haproxy

         ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer;

2) Authentication is optional and not required

         ssl_verify_client optional;

3 ) In locations that require a certificate (/ polishapi and /
identityserver), it is verified if the authentication was successful
client's certificate, if not, error 403 is returned - access denied

        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }

I tested on IE 11, FF 65 and Chrome 72 the behavior was correct.


Good luck,
M.W.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,283393,283401#msg-283401



More information about the nginx mailing list