Nginx and 400 SSL error handling

2019-06-11 Thread Marcello Lorenzi
Hi All, We’re trying to configure a client authentication on an Nginx 1.15.12 and we noticed a “400 Bad Request - SSL Certificate Error” because a certificate CA isn’t present into the certificates listed into “ssl_client_certificate”. This is the configuration for the SSL authentication.

Re: Nginx and 400 SSL error handling

2019-06-12 Thread Marcello Lorenzi
Hi, It works correctly. Thanks for the tips. Marcello On Tue, Jun 11, 2019 at 10:46 AM Francis Daly wrote: > On Tue, Jun 11, 2019 at 10:25:32AM +0200, Marcello Lorenzi wrote: > > Hi there, > > > Actually we would return a 401 error page instead a 400 error page but we

Re: Nginx and conditional logformat

2019-07-26 Thread Marcello Lorenzi
Hi Maxim, I tried to configure the location with this example: server { access_log logs/access_log sslclient; location / { if ($ssl_client_verify != "SUCCESS") { set $loggingcert 1; } access_log logs/access_log sslclientfull

Re: Nginx and conditional logformat

2019-08-01 Thread Marcello Lorenzi
3:02 PM Maxim Dounin wrote: > Hello! > > On Fri, Jul 26, 2019 at 03:49:05PM +0200, Marcello Lorenzi wrote: > > > Hi Maxim, > > I tried to configure the location with this example: > > > > server { > > access_log logs/acce

Nginx filter client authentication

2018-05-18 Thread Marcello Lorenzi
Hi All, we're trying to configure a client certificate authentication on a Nginx 1.12.2 instance on our development environment, and all works fine. We would filter the access to a specific site with some particular client certificate to avoid that other certificates trusted by the same CA can acce

Nginx realip vs proxypass

2015-10-02 Thread Marcello Lorenzi
Hi All we're testing a new nginx implementation to put in front our web application to retrieve the X-Forwarded-For header sent by an external reverse proxy and configure it as realip address of the requests forwarded to we app. We have installed nginx with the realip module and from the access lo

Nginx Ja3 fingeprint support

2023-06-09 Thread Marcello Lorenzi
Hi All, we tried to install an updated module for the SSL fingerprint in Nginx https://github.com/salesforce/ja3 but some modules like https://github.com/phuslu/nginx-ssl-fingerprint aren't compatible with OpenSSL 3. Could you help us if it's possible to configure this fingerprint implementation?