Class NginxProxyTrustedClientCertificateLookup

  • All Implemented Interfaces:
    Provider, X509ClientCertificateLookup

    public class NginxProxyTrustedClientCertificateLookup
    extends AbstractClientCertificateFromHttpHeadersLookup
    The NGINX Trusted Provider verify extract end user X.509 certificate sent during TLS mutual authentication, verifies it against provided CA the and forwarded in an HTTP header along with a new header ssl-client-verify: SUCCESS. NGINX configuration must have : server { ... ssl_client_certificate path-to-trusted-ca.crt; ssl_verify_client on|optional; ssl_verify_depth 2; ... location / { ... proxy_set_header ssl-client-cert $ssl_client_escaped_cert; ... } Note that $ssl_client_cert is deprecated, use only $ssl_client_escaped_cert with this implementation
    Since:
    01/09/2022
    Version:
    $Revision: 1 $
    Author:
    Youssef El Houti