Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
RuRoman2022-02-07 20:05:23
linux
RuRoman, 2022-02-07 20:05:23

How to organize access by certificate to the server?

The essence of the question is as follows:
There is a site www.site.com
It works on HTTPS - a certificate from Let's Encrypt
It is necessary to add user authorization to this by the issued certificate.
Those. certificates for users are generated on the server and they can use them to enter the site.

UPD! The Let's Encrypt certificate should still work!
All the examples that were written are designed for simple authorization by certificate!
And you need to have a Let's Encrypt connection and authorization using a self-signed certificate...

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
Alexander Karabanov, 2022-02-07
@karabanov

Authorization of clients in nginx using an SSL certificate

Report
A
AlexVWill, 2022-02-07
@AlexVWill

So what prevents
a) to make certificates for users on the server in OpenSSL and distribute them so that they add them to their storage?.
b) to fasten authorization by certificate to the server? https://stuff-things.net/2015/09/28/configuring-ap...
UPD

UPD! The Let's Encrypt certificate should still work!
All the examples that were written are designed for simple authorization by certificate!
And you need to have a Let's Encrypt connection and authorization using a self-signed certificate...

Did you check? I have everything working as it should. Here is a detailed Russian instruction for you: https://www.opennet.ru/base/sec/ssl_cert.txt.html
I personally checked it, it works as it should, i.e. authorization by a self-signed certificate, but at the same time Let'sencrypt confirms the domain.

Report
C
CityCat4, 2022-02-07
@CityCat4

- Create a CA
- Issue certificates for users in it
- Configure the server to require a certificate from a specific CA (your)
- Distribute certificates to users
- Warn about responsibility for impersonation (when someone who knows the password from a user login gains access to the profile in which the certificate and enters the site as if he were the right user, that is, no one canceled the requirement of a strong password)

Similar questions
V
Vladislav Incognitov2016-02-10 04:17:12
Which distro is suitable for Asus X550CC? 4Reply
D
DVoropaev2020-06-28 00:47:42
"Some packages could not be installed." - why? 2Reply
D
dimzon5412013-08-15 18:00:13
With the distribution of IPv6 to LAN? 3Reply
T
Tremo2016-02-11 05:50:01
How to make a full backup of Zabbix-a? 3Reply
B
barkalov2013-08-18 04:54:57
Postfix relay_domains. How to send mail to the network? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question