Advanced TLS settings
ssl-client-cert
: The client cetificate that was usedssl-client-issuer-dn
: Client certificate’s issuer DNssl-client-subject-dn
: Client certificate;s distinguished namessl-client-verify
: Result of the operation. As we only forward requests on success the value should always be SUCCESS
.Generate the CA private key
Create the CA certificate
ca.key
file will be needed later to sign client certificates while the result ca.crt
will be needed to validate them.
Generate a private key for the client
Create a Certificate Signing Request (CSR) for the client
Create a configuration file for the client certificate
client.ext
with the following content:Generate the client certificate
client.key
and client.crt
files will be needed by the user to authenticate requests.CLIENT_CA
with the contents of the ca.crt
file. Afterwards we will deploy the following configuration:
ssl-client-*
headers providing additional information about it.