SSL Client Certificate Validation

Posted by dhallam 
dhallam
SSL Client Certificate Validation
March 27, 2018 02:40PM
Hi,

I'm running nginx version: nginx/1.11.5 (nginx-plus-r11). I am trying to
connect a tcp client (with client cert) over SSL to nginx, where the SSL
will be validated and terminated, and then onto the upstream server in the
clear.

I have the following configuration:

stream {
    upstream upstream_servers {
        server localhost:80;
    }

    server {
        listen 192.168.0.30:443 ssl;

        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_client_certificate /etc/nginx/ssl/client.crt;
        ssl_verify_client on;

        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_verify_depth 2;

        proxy_pass upstream_servers;
    }
}

However, I get a '2018/03/27 12:14:35 [emerg] 18325#18325:
"ssl_client_certificate" directive is not allowed here in
/etc/nginx/conf.d/my-listener.conf:11' error when I try to start the
server.

According to
http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_client_certificate,
this seems to be a valid configuration directive.

Would anyone be able to help identify what it is that I am missing?

Many thanks,

Dave

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279204,279204#msg-279204

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Dounin
Re: SSL Client Certificate Validation
March 27, 2018 02:50PM
Hello!

On Tue, Mar 27, 2018 at 08:37:11AM -0400, dhallam wrote:

> I'm running nginx version: nginx/1.11.5 (nginx-plus-r11). I am trying to
> connect a tcp client (with client cert) over SSL to nginx, where the SSL
> will be validated and terminated, and then onto the upstream server in the
> clear.

[...]

> However, I get a '2018/03/27 12:14:35 [emerg] 18325#18325:
> "ssl_client_certificate" directive is not allowed here in
> /etc/nginx/conf.d/my-listener.conf:11' error when I try to start the
> server.
>
> According to
> http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html#ssl_client_certificate,
> this seems to be a valid configuration directive.
>
> Would anyone be able to help identify what it is that I am missing?

Quoting the link above:

: This directive appeared in version 1.11.8.

And you are using nginx 1.11.5, which is older than 1.11.8. You
have to upgrade to a newer version to get it working.

--
Maxim Dounin
http://mdounin.ru/
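
A preflight check for the version mismatch described in the reply above, as an added example that is not part of the thread or of nginx: it parses the `nginx -v` banner and reports stream-context directives that are newer than the running binary. The function names and the simplified line-based config scan are assumptions of this example; only the 1.11.8 requirement for `ssl_client_certificate` comes from the page.

```python
import re

# Minimum versions for stream-module directives. The 1.11.8 value is the one
# quoted in the thread; extend the table from the nginx docs as needed.
MIN_VERSION = {"ssl_client_certificate": (1, 11, 8)}
# Banner as reported in the post; config is a constructed, abridged sample.
SAMPLE_BANNER = "nginx version: nginx/1.11.5 (nginx-plus-r11)"
SAMPLE_CONF = """\
stream {
    server {
        listen 192.168.0.30:443 ssl;
        ssl_client_certificate /etc/nginx/ssl/client.crt;
        ssl_verify_client on;
    }
}
"""

def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised nginx version banner: %r" % banner)
    return tuple(int(x) for x in m.groups())

def stream_directives(conf):
    """Yield (line_no, name) for directives inside a top-level stream { } block.
    Simplification: line-based scan, no quoted strings containing '#' or braces."""
    depth, stream_depth = 0, None
    for line_no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name = line.split()[0]
        if stream_depth is None and depth == 0 and re.match(r"stream\s*\{", line):
            stream_depth = depth
        elif stream_depth is not None and name not in ("{", "}"):
            yield line_no, name.rstrip(";")
        depth += line.count("{") - line.count("}")
        if stream_depth is not None and depth <= stream_depth:
            stream_depth = None

def unsupported(banner, conf):
    """Return [(line_no, directive, required)] the running binary is too old for."""
    running = parse_version(banner)
    return [(n, d, MIN_VERSION[d]) for n, d in stream_directives(conf)
            if d in MIN_VERSION and running < MIN_VERSION[d]]

if __name__ == "__main__":
    for n, d, req in unsupported(SAMPLE_BANNER, SAMPLE_CONF):
        print("line %d: %s needs nginx >= %s" % (n, d, ".".join(map(str, req))))
```

On a live host the banner comes from `nginx -v`, which writes to stderr.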
dhallam
Re: SSL Client Certificate Validation
March 27, 2018 03:00PM
Thank you. Please accept my apologies for not spotting that in the
documentation.

Many thanks.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279204,279206#msg-279206
