Add Client certificate when acting as reverse proxy (Apache/NGINX)

Question

My application makes (POST) requests to an external server (not under my control)

Now this server requires working with client certificates. My application currently can not handle this (or any time soon).

The idea was to add a reverse proxy. 1) application makes requests to the reverse proxy 2) reverse proxy takes care of client certificate stuff 3) result back to application.

I have no idea how to do (2). Or if it is even possible.

Documentation of NGINX seems to indicate it is impossible. Documentation of Apache is unclear and difficult to search for. Because I keep getting results for passing through the client certificate. Which is not what I need. I need to add a fresh one.

Anyone knows how to do this? (On Apache/NGINX/...)

Nginx has `proxy_ssl_certificate` and `proxy_ssl_certificate_key`. See [this link](http://nginx.org/en/docs/http/ngx_http_proxy_module.html). — Richard Smith, Nov 29 '18 at 12:50
Seems to work perfect. Thanks! If you make it an answer I can accept it. — PleaseCompile, Nov 29 '18 at 16:10

score 0 · Accepted Answer · answered Nov 29 '18 at 16:18

0

The Nginx proxy module is capable of transmitting a client certificate over an upstream SSL connection.

Use the proxy_ssl_certificate and proxy_ssl_certificate_key directives to configure it.

See the manual page for details.

answered Nov 29 '18 at 16:18

Richard Smith

11,859
2
18
26

Add Client certificate when acting as reverse proxy (Apache/NGINX)

1 Answers1

Linked