2

When setting up nginx with client-certificate config, ssl_verify_client should be set to on or optional. If we want to bypass verification for local users (like 192.168.0.0/24), we can use optional value. But this way, nginx still requests a certificate from browser and browser will show a prompt to user (if a signed certificate installed on browser).

Client-Certificate browser prompt

How we can eliminate this popup for local IPs? (even using lua module?). Can we set the value of ssl_verify_client based on IP (e.g. with a map)? (Can be a ssl_verify_client_by_lua or not?)

Taha Jahangir
  • 2,012
  • 1
  • 15
  • 16

1 Answers1

2

I know it's old questions, but this article was a top hit of google search when I try to find out the same question's answer.

Seems like Nginx team doesn't want to do it based on this answer.

https://trac.nginx.org/nginx/ticket/317

Zogoo
  • 21
  • 4