Score:0

Can I use different client certificates for different locations using nginx?

I have two different locations on my server:

  • server/locationA
  • server/locationB

I want to restrict access to these locations using two client certificates certA and certB.

locationA should only be accessible using certA and locationB only by using certB.

Until now I did it like this, using different ports:

server {

  listen 11111 ssl;
  server_name ServerA;

  ssl_certificate server.crt;
  ssl_certificate_key server.key;

  ssl_client_certificate certA.crt;
  ssl_verify_client optional;


  location /A {
    if ($ssl_client_verify != SUCCESS) {
      return 403;
    }
    alias /www/data/files/A.html;
  }
}

server {

  listen 22222 ssl;
  server_name ServerB;

  ssl_certificate server.crt;
  ssl_certificate_key server.key;

  ssl_client_certificate certB.crt;
  ssl_verify_client optional;


  location /B {
    if ($ssl_client_verify != SUCCESS) {
      return 403;
    }
    alias /www/data/files/B.html;
  }
}

My question now is: is it possible to have both locations on the same port, e.g. server/A and server/B instead of server:11111/A and server:22222/B? And how would I need to structure my nginx config to achieve this?

Score:0

No. A certificate applies to the server block, as it has to correspond to the servername.

It's not possible to use a different certificate just for a location.

Different server blocks are however the only thing you need, and you already have that. Just add two server blocks with port 443, use different server_names and their corresponding certificate.

just_some_dude avatar
Do server_names correspond to different domain names or are these nginx/internal specific server names?
in flag
This is the DNS name the server block should answer to.
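
An added example, not part of the original thread or any participant's post: `ssl_client_certificate` and `ssl_verify_client` are only valid at the `http` and `server` level, so a single-port setup has to trust both client certificates in the TLS handshake and then authorize per location from the verified certificate's fingerprint. The file name `clients.pem`, the host name `server.example`, the variable `$client_id` and the fingerprint placeholders are assumptions to be replaced with real values.

```nginx
# Added example. Goes in the http {} context.
# Key = "<verify result>:<SHA1 fingerprint of the presented client cert>".
# $ssl_client_fingerprint is lowercase hex without colons.
map "$ssl_client_verify:$ssl_client_fingerprint" $client_id {
    default                                "";   # no cert, failed verify, unknown cert
    "SUCCESS:<sha1-fingerprint-of-certA>"  "A";  # placeholder, fill in
    "SUCCESS:<sha1-fingerprint-of-certB>"  "B";  # placeholder, fill in
}

server {
    listen 443 ssl;
    server_name server.example;            # assumed host name

    ssl_certificate     server.crt;
    ssl_certificate_key server.key;

    # clients.pem (assumed name) is certA.crt and certB.crt concatenated,
    # so either certificate passes verification during the handshake.
    ssl_client_certificate clients.pem;
    ssl_verify_client optional;

    location /A {
        # Only a verified certA reaches the file; certB is rejected here.
        if ($client_id != "A") {
            return 403;
        }
        alias /www/data/files/A.html;
    }

    location /B {
        # Only a verified certB reaches the file; certA is rejected here.
        if ($client_id != "B") {
            return 403;
        }
        alias /www/data/files/B.html;
    }
}
```

Checking `$ssl_client_verify` alone in each location is not enough in this layout, because both certificates verify successfully against the combined trust file; the fingerprint comparison is what separates them.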