• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Question SSL Client Authentication Nginx

João Reis

New Pleskian
Hi,

I want to know how to implement SSL Client Authentication in nginx or apache.
I tried the Additional nginx directives but it gives me an error. Check the image.

Thanks in advance



 

Attachments

  • nginx.png
    nginx.png
    38.8 KB · Views: 13
Is there a proper answer to this one?

If one uses Let's Encrypt there is a ssl_client_certificate in the nginx configuration file, but I am not sure how to use this one to sign or generate the client certificate.

ssl_client_certificate /opt/psa/var/certificates/scfQ34FHW;
 
My Host just got updated to Plesk Obsidian (from Onyx). With that my only way of using verifying client-certificates in nginx went out the window.
To prevent Plesk from using the "ssl_client_certificate" instruction (why does it even use that? its for a different purpose) i uploaded the crt and the ca.crt in one file as a chain. This way, the Ca-Certificate would just get supplied by ssl_certificate as a chained certificate, which is perfectly valid and normal in any other nginx-configuration. Now this is broken because the Obsidian-Update strips any additional Certificates supplied in the Certificate file and only saves the first one. This way, i can not use this method anymore.

Also my only method of supplying PHP with
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
got broken because Plesk no stops the PHP-FPM service as soon as PHP-Support is disabled in the hosting settings. This was not the case before. Before it only removed the nginx-configuration, but the service was left running. Now I have no way of using my own PHP Configuration under Additional Nginx-Settings.

Please give me a way to require client-certificate validation.
 
Back
Top