alk453

Reputation: 135

Nginx not asking for client cert when POST method with payload

I have configured nginx for SSL client authentication. It is working fine for GET and POST (without payload). But when we use POST with a body, the client is not passing the certificate.

  1. Either nginx is not asking for the cert
  2. Or the client (JavaScript) itself is ignoring the cert; I'm not sure

Nginx Configuration

    upstream abc-abc.com {
        ip_hash;
        server 172.16.x.x:8987;
    }

    server {
        listen 443 ssl;
        client_max_body_size 100M;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate ssl/bundle.crt;
        ssl_certificate_key ssl/abc.key;
        ssl_verify_client optional;
        ssl_client_certificate /certs/client_ca.cert;

        # Use Server preference
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        server_name "~^abc-(?:[A-Za-z0-9]{0,21}[A-Za-z0-9])?-?abc.com";
        proxy_buffering off;
        error_log /proc/self/fd/2;
        access_log /proc/self/fd/1;
        server_tokens off;
        location = /robots.txt {
            return 200 "User-agent: *\nDisallow: /\n";
        }
        location / {
            proxy_pass https://abc-abc.com;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # HTTP 1.1 support
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_read_timeout  36000s;

            proxy_set_header X-SSL-Serial $ssl_client_serial;
            proxy_set_header X-SSL-Verify $ssl_client_verify;
            proxy_set_header X-SSL-SDN $ssl_client_s_dn;
            proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
            proxy_set_header X-SSL-Fingerprint $ssl_client_fingerprint;
            proxy_set_header X-SSL-Start-Date $ssl_client_v_start;
            proxy_set_header X-SSL-End-Date $ssl_client_v_end;

        }
    }

Please help, Thanks.

Upvotes: 0

Views: 687

Answers (1)

hschou

Reputation: 217

You are missing at least one option:

    ssl_verify_depth 1;

Maybe also:

    ssl_verify_client optional_no_ca;


Upvotes: 0
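
Both `ssl_verify_client optional` (question) and `optional_no_ca` (answer) let a request reach the upstream without a verified client certificate, so the decision has to be enforced somewhere. The fragment below is an added example, not the asker's or the answerer's configuration: it reuses the paths and upstream name from the question, and the choice to answer 403 in nginx is an assumption about the desired policy.

```nginx
# Added example: fail closed on the client-certificate result.
# Only the directives relevant to client authentication are shown;
# the upstream block and the remaining TLS settings are as in the question.
server {
    listen 443 ssl;
    ssl_certificate         ssl/bundle.crt;
    ssl_certificate_key     ssl/abc.key;

    # CA(s) that client certificates must chain to.
    ssl_client_certificate  /certs/client_ca.cert;

    # "optional" requests a certificate but still serves clients that send
    # none; $ssl_client_verify is then "NONE".
    # "optional_no_ca" additionally skips the requirement that the certificate
    # is signed by a trusted CA, so $ssl_client_verify can be "FAILED:..." and
    # the request is still proxied. With that mode the upstream has to
    # validate the forwarded certificate itself.
    ssl_verify_client optional;

    # Maximum chain depth accepted (1 is the default). Raise it when client
    # certificates are issued by an intermediate CA.
    ssl_verify_depth 1;

    location = /robots.txt {
        # Intentionally reachable without a certificate.
        return 200 "User-agent: *\nDisallow: /\n";
    }

    location / {
        # Reject anything that is not a fully verified certificate instead of
        # relying on the upstream to inspect X-SSL-Verify.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }

        proxy_pass https://abc-abc.com;
        proxy_set_header Host          $http_host;
        proxy_set_header X-SSL-Verify  $ssl_client_verify;
        proxy_set_header X-SSL-SDN     $ssl_client_s_dn;
    }
}
```

With this in place, a POST that arrives without a certificate shows up in the access log as a 403 from nginx, which separates "the client did not send a certificate" from an upstream-side failure.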
