Implement client SSL certificates for authentication
Implement client SSL certificates for authentication
This is a valid request, so we’ll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features. Thanks in advance!
— rk
-
Lars Schultz commented
It is already possible...almost! For some reason ssl_client_certificate is used to configure the ca.crt instead of adding it in a chain to the crt-file specified in ssl_certificate instead of using the ssl_client_certificate-instruction which in my opinion is reserved for validating client-certificates. What is the reason for this? if i omit the ca.crt, then it works.
Please add support for this...! or change the way the ca.crt is integrated into the nginx-configuration.
-
Rekai commented
Apache (I do not know about nginx), when configuring a host with SSL lets you request SSL authentication. That way, when a browser (client) requests content from the server, the server, instead of asking for credentials, asks for an SSL certificate that the owner of the SSL key has to have given them previously. The server, having the SSL private key, can then verify the identity of the requestor and send or deny the content.
Long story short, allow to change the following knobs (in apache) in the (v)host configuration:
SSLVerifyClient [none | optional | require | optional_no_ca]
SSLVerifyDepth <integer> -
Anonymous commented
Сергей, хотелось бы чтобы была возможность настраивать nginx или а apache, такие директивы как
ssl_client_certificate
ssl_verify
ssl_depthэто нужно для 2х факторной авторизации с помощью клиентских сертификатов ( Mutual SSL погуглите плиз )
p.s сейчас можно указывать только сертификаты сервера, а вот это поле нельзя -
Anonymous commented
Currently SSL certificates can only be added by the server admin. It would be great if users can do this in power user panel too, so that the server admin hasn't so much effort.
-
Anonymous commented
I think he means a certificate that is "installed" in your browser and replaces username/password.
It's a good idea for the plesk panel because it's a very secure way to authentificate to a website.
It's used for example by the website of startssl.com where you can get free domain validated certificates for your website.