SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Improve documentation (client-certificate-setup.md)

Browse source
This commit is contained in:
Fadi Abbud 2022-03-25 07:45:02 +01:00
parent 782d653e59
commit 43c9a25c34
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/client-certificate-setup.md
View file

@ -37,7 +37,7 @@ differently, you could use several location blocks
each which a single `if` that matches the `$ssl_client_i_dn` variable
to CAs that you would want to allow for that location.
If you want to restrict the access to the web-interface of the `csaf_provider` for only some TLS client certificates, the CA issuer of these certificates should be assigned to the `issuer` key in the `/user/lib/csaf/config.toml` file e.g. `issuer = "C=DE,O=CSAF Tools Development (internal),CN=Tester" `.
If you want to restrict the writing permission and the accessing to the web-interface of the `csaf_provider` to only some TLS client certificates, the CA issuer of these certificates should be assigned to the `issuer` config option in the `/user/lib/csaf/config.toml` file e.g. `issuer = "C=DE,O=CSAF Tools Development (internal),CN=Tester" `.
To inspect the accepted format for this field you can check the value of the `ca:` in the nginx log file `/var/log/nginx/error.log`.
Reload or restart nginx to apply the changes (e.g. `systemctl reload nginx`