Hi Francis, I solved this problem, maybe not elegantly, but it works.
1) Client certificate authentication is set on the nginx side and not on haproxy:

    ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer;

2) Authentication is optional and not required:

    ssl_verify_client optional;

3) In locations that require a certificate (/polishapi and /identityserver), it is verified whether authentication of the client's certificate was successful; if not, error 403 (access denied) is returned:

    if ($ssl_client_verify != SUCCESS) { return 403; }

I tested on IE 11, FF 65 and Chrome 72; the behavior was correct.

Good luck,
M.W.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,283393,283401#msg-283401
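The three steps from the message above assembled into one server block, as an added example that is not part of the original post. The server name, server certificate paths, backend address and the `X-SSL-Client-S-DN` header name are placeholders assumed here; only the CA path, the two protected locations and the `$ssl_client_verify` check come from the message.

```nginx
# Added example. Values marked "placeholder" are assumptions, not from the post.
server {
    listen 443 ssl;
    server_name example.test;                              # placeholder

    ssl_certificate     /etc/pki/tls/certs/server.crt;     # placeholder
    ssl_certificate_key /etc/pki/tls/private/server.key;   # placeholder

    # 1) CA used to verify client certificates (path from the post).
    ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer;

    # 2) Ask for a client certificate, but let the handshake complete
    #    when the client sends none.
    ssl_verify_client optional;

    # Open location: no certificate needed. Blank the identity header so
    # a client cannot supply its own value to the backend.
    location / {
        proxy_set_header X-SSL-Client-S-DN "";             # header name is a placeholder
        proxy_pass http://127.0.0.1:8080;                  # placeholder backend
    }

    # 3) Protected locations. $ssl_client_verify is NONE when no
    #    certificate was sent and FAILED:<reason> when verification
    #    failed, so comparing against SUCCESS rejects both with 403.
    location /polishapi {
        if ($ssl_client_verify != SUCCESS) { return 403; }
        # Pass the verified subject DN on; it overwrites any client-sent value.
        proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;
    }

    location /identityserver {
        if ($ssl_client_verify != SUCCESS) { return 403; }
        proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

For nginx to see the client certificate at all, haproxy in front of it has to forward the TLS connection unterminated (TCP mode); if haproxy terminates TLS, `$ssl_client_verify` never reaches `SUCCESS` for the end client.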