Add client authentication example.

author: Jeremy Clerc <jclerc@google.com> 2017-02-15 14:29:43 +0100
committer: Jeremy Clerc <jclerc@google.com> 2017-02-15 14:29:43 +0100
commit: 51e2e81502cdab076a3c0e4958fbb58884418fc8 (patch)
tree: 76d94f65b7b3814d0c5e335ec7e6952adf259647 /example/client-auth/nginx.conf
parent: 1d7c7f7b897ad203f8d873d6338edd7ec735f936 (diff)
download: easypki-51e2e81502cdab076a3c0e4958fbb58884418fc8.tar.xz
1 files changed, 29 insertions, 0 deletions
diff --git a/example/client-auth/nginx.conf b/example/client-auth/nginx.conf
new file mode 100644
index 0000000..8a27f9b
--- /dev/null
+++ b/example/client-auth/nginx.conf
@@ -0,0 +1,29 @@
+server {
+    listen              443 ssl;
+    server_name         localhost;
+    keepalive_timeout   70;
+
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
+    ssl_certificate     /etc/nginx/conf.d/localhost+chain.crt;
+    ssl_certificate_key /etc/nginx/conf.d/localhost.key;
+    ssl_session_cache   shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+
+    ssl_client_certificate /etc/nginx/conf.d/trusted+chain.crt;
+    ssl_verify_depth 2;
+
+    ssl_verify_client on;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
author	Jeremy Clerc <jclerc@google.com>	2017-02-15 14:29:43 +0100
committer	Jeremy Clerc <jclerc@google.com>	2017-02-15 14:29:43 +0100
commit	51e2e81502cdab076a3c0e4958fbb58884418fc8 (patch)
tree	76d94f65b7b3814d0c5e335ec7e6952adf259647 /example/client-auth/nginx.conf
parent	1d7c7f7b897ad203f8d873d6338edd7ec735f936 (diff)
download	easypki-51e2e81502cdab076a3c0e4958fbb58884418fc8.tar.xz