Manage connection with expired client certificate

mattia.6789 · 2020-02-18T05:18:29+00:00

Hi,I'd like to use nginx's $connection variable for our logs, so that we can correlate the logs we create in the ssl_certificate_by_lua_block wi...

Manage connection with expired client certificate

mattia.6789

Dear all,

Is there a way to catch an expired client certificate instead of having to return an error page?

I configured nginx such that the client certificate is sent to the backend and the backend decides to autologin the user or return the login mask.

The problem is that if the client certificate is expired, I cannot manage to send the request to the backend (which should return the login mask, since the certificate is not valid) and the user it blocked.

The only thing I can succeed in doing it catch the error message and return a static page explaining the situation.

Is there a way to reach the mentioned configuration?

I know HA Proxy can handle this case by setting the flag "crt-ignore-err" and read the content of the variable "ssl_c_verify", which in combination with if statements let you reach any wished configuration.

Thank you very much!

Regards

Mat