mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00

Documentation

Fadi Abbud 2022-02-22 11:06:51 +01:00
parent 9e422d5ad2
commit cbf39f9806
2 changed files with 7 additions and 0 deletions


@ -37,6 +37,8 @@ differently, you could use several location blocks
each which a single `if` that matches the `$ssl_client_i_dn` variable
to CAs that you would want to allow for that location.
If you want to allow the access to the web-interface of the provider for some TLS client certificates, the CA issuer of these certificates should be assigned to the `issuer` key in the `/user/lib/csaf/config.toml` file.
Reload or restart nginx to apply the changes (e.g. `systemctl reload nginx`
on Debian or Ubuntu.)
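Review bot: The path `/user/lib/csaf/config.toml` in the added sentence looks like a typo for `/usr/lib/csaf/config.toml`; please check it against the location the rest of the documentation uses for the provider configuration. The sentence also does not say what form the `issuer` value takes. Since the text just above matches CAs against `$ssl_client_i_dn`, stating whether `issuer` expects that same issuer DN string, with one sample value, would help readers keep the nginx and provider settings consistent. A blank line before "Reload or restart nginx" would keep the new sentence from running into that paragraph.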


@ -56,3 +56,8 @@ certtool --generate-certificate --load-privkey testclient2-key.pem --outfile tes
certtool --load-ca-certificate rootca-cert.pem --load-certificate testclient2.crt --load-privkey testclient2-key.pem --to-p12 --p12-name "Test Client 2" --null-password --outder --outfile testclient2.p12
```
In case of many CAs are used to verify the client certificates these should be included in the list of the allowed CA certificates in the `ssl_client_certificate` bundle of nginx.
E.g. `cat rootca-cert-1.pem rootca-cert-2.pem >> allowedCAs.pem`. Nginx config: `ssl_client_certificate allowedCAs.pem;`
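Review bot: The example `cat rootca-cert-1.pem rootca-cert-2.pem >> allowedCAs.pem` appends to the bundle, so rerunning it duplicates entries and any CA already present in `allowedCAs.pem` stays in the file; every certificate in the `ssl_client_certificate` bundle is trusted for client verification, so a leftover entry matters. Using `>` instead of `>>` would build the bundle from exactly the listed files. The wording "In case of many CAs are used" is also ungrammatical; something like "If several CAs are used to verify client certificates, include all of them in the `ssl_client_certificate` bundle of nginx" reads more clearly.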