Re: Nginx can’t proxy client certificate authentication

2019-03-18 Thread WoMa
Hi Francis, >The only extra piece you could add, if the haproxy side wanted to know >which specific client certificate was used, would be to use some of the >variables listed around http://nginx.org/r/$ssl_client_i_dn in headers >sent to the upstream. Thanks, I will probably need to pass this inf

Re: Nginx can’t proxy client certificate authentication

2019-03-17 Thread Francis Daly
On Sat, Mar 16, 2019 at 02:30:16PM -0400, WoMa wrote: Hi there, > I solved this problem maybe not elegantly but it works. Good that you found a solution. I think that what you describe is the way to do it -- nginx does the client certificate authentication, and does not try to proxy that aspect

Re: Nginx can’t proxy client certificate authentication

2019-03-16 Thread WoMa
Hi Francis I solved this problem maybe not elegantly but it works. 1) Client certificate authentication is set on the nginx side and not on haproxy ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer; 2) Authentication is optional and not required ssl_verify_cli

Re: Nginx can’t proxy client certificate authentication

2019-03-16 Thread Francis Daly
On Fri, Mar 15, 2019 at 10:38:25AM -0400, WoMa wrote: Hi there, > I have path: request https -> nginx -> haproxy -> http application > It works fine until I add client certificate authentication on haproxy. > When I add client certificate authentication on haproxy I getting error on > nginx: Not

Nginx can’t proxy client certificate authentication

2019-03-15 Thread WoMa
Hi, all I have path: request https -> nginx -> haproxy -> http application It works fine until I add client certificate authentication on haproxy. When I add client certificate authentication on haproxy I getting error on nginx: 2019/03/14 17:39:39 [error] 1090#0: *6254 SSL_do_handshake() failed