Hi All,
lately I have switched from apache to nginx and I am having some troubles configuring basic authentication with client ssl certificates. In my apache configuration I have:
<Location /mylocation>
AuthType Basic
AuthName "Client Certificate Required"
AuthUserFile /path/to/user/file
SSLCACertificateFile "/path/to/ca"
Require valid-user
SSLVerifyClient require
SSLVerifyDepth 5
SSLRequireSSL
SSLOptions +FakeBasicAuth
</Location>
and I want to configure the same using nginx but no success. Below is the configuration I am using on nginx:
server {
listen *:443 ssl;
ssl on;
ssl_certificate /path/to.crt;
ssl_certificate_key /path/to.key;
ssl_client_certificate /path/to.pem;
ssl_verify_client optional;
ssl_verify_depth 5;
##kept out other configuration as its non-relevant
location /mylocation {
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include /etc/nginx/fastcgi_params;
if ($ssl_client_verify != SUCCESS) {
return 403;
}
}
##kept out other configuration as its non-relevant
}
I am calling /mylocation using PAW (REST Client) and have provided the client certificate accordingly but keep getting always HTTP 403
The site is configured ok, and if I remove the check I get the response as expected.
Any response is much appreciated.
P.s:
nginx/1.10.3 (Ubuntu)
PHP 5.6 with FPM
Best,
Gezim.
lately I have switched from apache to nginx and I am having some troubles configuring basic authentication with client ssl certificates. In my apache configuration I have:
<Location /mylocation>
AuthType Basic
AuthName "Client Certificate Required"
AuthUserFile /path/to/user/file
SSLCACertificateFile "/path/to/ca"
Require valid-user
SSLVerifyClient require
SSLVerifyDepth 5
SSLRequireSSL
SSLOptions +FakeBasicAuth
</Location>
and I want to configure the same using nginx but no success. Below is the configuration I am using on nginx:
server {
listen *:443 ssl;
ssl on;
ssl_certificate /path/to.crt;
ssl_certificate_key /path/to.key;
ssl_client_certificate /path/to.pem;
ssl_verify_client optional;
ssl_verify_depth 5;
##kept out other configuration as its non-relevant
location /mylocation {
fastcgi_param VERIFIED $ssl_client_verify;
fastcgi_param DN $ssl_client_s_dn;
include /etc/nginx/fastcgi_params;
if ($ssl_client_verify != SUCCESS) {
return 403;
}
}
##kept out other configuration as its non-relevant
}
I am calling /mylocation using PAW (REST Client) and have provided the client certificate accordingly but keep getting always HTTP 403
The site is configured ok, and if I remove the check I get the response as expected.
Any response is much appreciated.
P.s:
nginx/1.10.3 (Ubuntu)
PHP 5.6 with FPM
Best,
Gezim.