@dtoubelis
Last active August 29, 2015 14:27
nginx configuration for client certificate authentication
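server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name api.example.com;

    # custom DH parameters for the EDH cipher suites
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    # server certificate (with its chain) and private key
    ssl_certificate /etc/nginx/ssl/server-chain.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    # ciphers
    # note: TLSv1 and TLSv1.1 are deprecated (RFC 8996) and 3DES is a legacy
    # 64-bit block cipher; keep them only while legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+AES128:EECDH+3DES:EDH+3DES:!SSLv2:!MD5:!DSS:!aNULL;
    ssl_prefer_server_ciphers on;

    # ssl session caching
    ssl_session_cache shared:SSL:15m;
    ssl_session_timeout 10m;

    # enable OCSP Stapling, point to certificate chain
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/ocsp-chain.crt;

    # enable client certificate authentication
    # CA certificates that client certificates must chain to
    ssl_client_certificate /etc/nginx/ssl/api-client-trustchain.crt;
    # requests without a valid client certificate are rejected
    ssl_verify_client on;
    # verification depth in the client certificate chain
    ssl_verify_depth 2;

    ...
}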
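
With `ssl_verify_client on`, nginx only checks that the client certificate chains to a CA in `api-client-trustchain.crt`, so every certificate issued under that chain is accepted. The following is an added example, not part of the original gist, of authorizing individual certificates and handing the verified identity to a backend; the fingerprint value, the `X-Client-*` header names and the backend address are assumptions.

```nginx
# Added example (not from the gist). The map goes in the http {} context,
# the location block goes inside the gist's server {} block.

# Allow-list of client certificates, keyed by the SHA-1 fingerprint that
# nginx exposes in $ssl_client_fingerprint (hex digits, no colons).
map $ssl_client_fingerprint $client_allowed {
    default 0;
    # constructed placeholder; replace with the fingerprint of a real
    # client certificate (log $ssl_client_fingerprint once to copy the
    # exact format nginx reports)
    "0000000000000000000000000000000000000000" 1;
}

server {
    # ... listen, TLS and ssl_verify_client settings as in the gist ...

    location / {
        # Chain verification has already succeeded at this point
        # (ssl_verify_client on). Now decide whether this particular
        # certificate may use the API.
        if ($client_allowed = 0) {
            return 403;
        }

        # Forward the verified identity. proxy_set_header replaces any
        # value the client sent under the same name, so the backend never
        # sees a client-supplied X-Client-* header.
        proxy_set_header X-Client-Verify      $ssl_client_verify;
        proxy_set_header X-Client-DN          $ssl_client_s_dn;
        proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint;

        # hypothetical backend address
        proxy_pass http://127.0.0.1:8080;
    }
}
```

The backend should accept these headers only from the nginx host, since anything that can reach it directly could set them itself.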