mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00

Improve documentation (client-certificate-setup.md)

Fadi Abbud 2022-03-25 07:45:02 +01:00
parent 782d653e59
commit 43c9a25c34


@ -37,7 +37,7 @@ differently, you could use several location blocks
each which a single `if` that matches the `$ssl_client_i_dn` variable each which a single `if` that matches the `$ssl_client_i_dn` variable
to CAs that you would want to allow for that location. to CAs that you would want to allow for that location.
If you want to restrict the access to the web-interface of the `csaf_provider` for only some TLS client certificates, the CA issuer of these certificates should be assigned to the `issuer` key in the `/user/lib/csaf/config.toml` file e.g. `issuer = "C=DE,O=CSAF Tools Development (internal),CN=Tester" `. If you want to restrict the writing permission and the accessing to the web-interface of the `csaf_provider` to only some TLS client certificates, the CA issuer of these certificates should be assigned to the `issuer` config option in the `/user/lib/csaf/config.toml` file e.g. `issuer = "C=DE,O=CSAF Tools Development (internal),CN=Tester" `.
To inspect the accepted format for this field you can check the value of the `ca:` in the nginx log file `/var/log/nginx/error.log`. To inspect the accepted format for this field you can check the value of the `ca:` in the nginx log file `/var/log/nginx/error.log`.
Reload or restart nginx to apply the changes (e.g. `systemctl reload nginx` Reload or restart nginx to apply the changes (e.g. `systemctl reload nginx`
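Review bot: The config path in the rewritten sentence still reads `/user/lib/csaf/config.toml`, which looks like a typo for `/usr/lib/csaf/config.toml` carried over from the old line; since this sentence is being touched anyway, please correct it here. The example value also keeps a stray space before the closing backtick (`...CN=Tester" `), which a reader may copy into the config. The new wording "restrict the writing permission and the accessing to the web-interface" would read better as "restrict write permission and access to the web interface". Because the sentence now says `issuer` gates writes as well as the web interface, consider stating whether the issuer DN must match the `ca:` value from `/var/log/nginx/error.log` exactly (field order, separators), as the following line only tells the reader where to look it up.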