Hi Francis,
>The only extra piece you could add, if the haproxy side wanted to know
>which specific client certificate was used, would be to use some of the
>variables listed around http://nginx.org/r/$ssl_client_i_dn in headers
>sent to the upstream.
Thanks, I will probably need to pass this inf
On Sat, Mar 16, 2019 at 02:30:16PM -0400, WoMa wrote:
Hi there,
> I solved this problem maybe not elegantly but it works.
Good that you found a solution.
I think that what you describe is the way to do it -- nginx does the
client certificate authentication, and does not try to proxy that aspect
Hi Francis
I solved this problem maybe not elegantly but it works.
1) Client certificate authentication is set on the nginx side and not on
haproxy
ssl_client_certificate /etc/pki/tls/certs/CA_COPE_SZAFIR_TEST.cer;
2) Authentication is optional and not required
ssl_verify_cli
On Fri, Mar 15, 2019 at 10:38:25AM -0400, WoMa wrote:
Hi there,
> I have path: request https -> nginx -> haproxy -> http application
> It works fine until I add client certificate authentication on haproxy.
> When I add client certificate authentication on haproxy I getting error on
> nginx:
Not
Hi, all
I have path: request https -> nginx -> haproxy -> http application
It works fine until I add client certificate authentication on haproxy.
When I add client certificate authentication on haproxy I getting error on
nginx:
2019/03/14 17:39:39 [error] 1090#0: *6254 SSL_do_handshake() failed
