Nginx
Sergey, 2015-09-08 15:38:56

How to allow only one login per one certificate?

The situation is this.
There is a server on Nginx. There are self-signed certificates.
There is the following server configuration block:

listen       443;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl on;
ssl_verify_client on;
ssl_certificate        /etc/nginx/ssl/server-bundle.crt;
ssl_certificate_key    /etc/nginx/ssl/server.nopass.key;
ssl_client_certificate /etc/nginx/ssl/ca.crt;
ssl_crl                /etc/nginx/ssl/ca.crl;

The actual question is how to restrict access to the server so that there is only 1 session per certificate. And is it even possible?


2 answer(s)
Sergey Savostin, 2015-09-08
@Ualde

If it is absolutely necessary that anyone who logged in earlier with the same certificate gets no further than nginx, then I suggest the following crutch.
At "login", i.e. where the cookie is set (let's say it is named SESSION_KEY), the application creates a folder named $client_serial if there is none (it can be on a RAM disk, so that it's faster) and in it a file named $session_key, and deletes all other files in that folder.
In Nginx:

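# nginx does not allow nested "if" and needs a space before "(", so a flag is used.
# ssl_verify_client on already requires a verified certificate ($ssl_client_verify = "SUCCESS").
set $deny_session 0;
# A session folder exists for this certificate serial
if (-d /ramdisk/sessions/$ssl_client_serial) {
   set $deny_session 1;
}
# The cookie names the current session file in that folder
if (-f /ramdisk/sessions/$ssl_client_serial/$cookie_SESSION_KEY) {
   set $deny_session 0;
}
if ($deny_session) {
   return 403;
}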

Well, and also check there whether a value actually arrived in $cookie_SESSION_KEY, etc.
PS Only as an idea.
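
The application side of the scheme in the answer above, as an added Python example that is not part of the answer or of any project named on this page. The function names, the root path argument and the two validation patterns are assumptions; the example goes beyond the answer by validating the certificate serial and the cookie value before either is used as a path component, since the cookie is client-controlled.

```python
import os
import re
import secrets

# Assumed layout from the answer: <root>/<certificate serial>/<session key>
SERIAL_RE = re.compile(r"[0-9A-Fa-f]{1,64}")   # $ssl_client_serial is a hex string
KEY_RE = re.compile(r"[A-Za-z0-9_-]{16,128}")  # alphabet of secrets.token_urlsafe


def _session_dir(root, serial):
    # The serial becomes a directory name, so accept hex digits only.
    if not SERIAL_RE.fullmatch(serial):
        raise ValueError("unexpected certificate serial")
    return os.path.join(root, serial)


def register_login(root, serial):
    """Create a new session for this certificate and delete all older ones."""
    folder = _session_dir(root, serial)
    os.makedirs(folder, exist_ok=True)
    key = secrets.token_urlsafe(32)
    # O_EXCL never reuses an existing file; the file stays empty, only its name matters.
    fd = os.open(os.path.join(folder, key),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    os.close(fd)
    for name in os.listdir(folder):
        if name != key:
            os.unlink(os.path.join(folder, name))
    return key  # value to send back as the SESSION_KEY cookie


def is_allowed(root, serial, cookie_key):
    """Same decision as the nginx check: True = pass on, False = 403."""
    folder = _session_dir(root, serial)
    if not os.path.isdir(folder):
        return True  # nobody has logged in with this certificate yet
    # A value such as "../x" must never reach the filesystem lookup.
    if not cookie_key or not KEY_RE.fullmatch(cookie_key):
        return False
    return os.path.isfile(os.path.join(folder, cookie_key))
```

A second call to register_login for the same serial invalidates the first key, which is what limits each certificate to one session.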

TyzhSysAdmin, 2015-09-08
@POS_troi

I'm not entirely sure what you want to get as an output, but I can assume and suggest that you read this link habrahabr.ru/post/213741
