我想为我的网站使用CAC智能卡进行智能卡身份验证,服务器是nginx我已经有了https,并且我试图了解nginx服务器将如何检测我的智能卡证书
我的问题是,没有注释#ssl_client_certificate ;
的行,服务器就无法工作,但是我不知道我必须在该行中指出什么路径?因为在配置服务器之前不会加载客户端证书,所以一旦检测到智能卡就将加载客户端证书?
谢谢您的帮助
server {
listen 8443 ssl;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/key.pem;
ssl_verify_client on;
#ssl_client_certificate ;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
add_header Front-End-Https on;
add_header Cache-Control "public, must-revalidate";
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
proxy_pass http://localhost;
proxy_next_upstream error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-SSL-Client-Certificate $ssl_client_escaped_cert;
proxy_set_header X-SSL-Authenticated $ssl_client_verify;
}
location / {
include /run/uwsgi_pass;
include /etc/nginx/wsgi_params;
uwsgi_read_timeout 1800;
}
}
}