Can i use different client certificates for different locations using nginx

just_some_dude

9/12/23, 9:35 AM

I have two different location on my Server:

server/locationA
server/locationB

I want to restrict access to these locations using two client certificates certA and certB.

locationA should only be accessible using certA and locationB only by using certB.

until now i did it like this using different ports:

server {

  listen 11111 ssl;
  server_name ServerA;

  ssl_certificate server.crt;
  ssl_certificate_key server.key;

  ssl_client_certificate certA.crt;
  ssl_verify_client optional;


  location /A {
    if ($ssl_client_verify != SUCCESS) {
      return 403;
    }
    alias /www/data/files/A.html;
  }
}

server {

  listen 22222 ssl;
  server_name ServerB;

  ssl_certificate server.crt;
  ssl_certificate_key server.key;

  ssl_client_certificate certB.crt;
  ssl_verify_client optional;


  location /B {
    if ($ssl_client_verify != SUCCESS) {
      return 403;
    }
    alias /www/data/files/B.html;
  }
}

my Question now would be is it possible to have both location at the same Port e.g. (server/A and server/B instead of server:11111/A and server:22222/B) ? And how would i need to structure my nginx config to achive this?

0 + 0

nginx

authentication

ssl-certificate

Score:0

Server

Gerald Schneider

9/12/23, 9:37 AM

No. A certificate applies to the server block, as it has to correspond to the servername.

It's not possible to use a different certificate just for a location.

Different server blocks are however the only thing you need, and you already have that. Just add two server blocks with port 443, use different server_names and their corresponding certificate.

0 + 0

just_some_dude

9/12/23, 1:23 PM

Do server_names correspond to different domain names or are these nginx/internal specific server names ?

Gerald Schneider

9/12/23, 1:24 PM

This is the DNS name the server block should answer to.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can i use different client certificates for different locations using nginx

TH: ฉันสามารถใช้ใบรับรองไคลเอ็นต์อื่นสำหรับตำแหน่งต่างๆ โดยใช้ nginx

RO: Pot folosi diferite certificate de client pentru diferite locații folosind nginx

RU: Могу ли я использовать разные клиентские сертификаты для разных мест с помощью nginx?

VI: Tôi có thể sử dụng các chứng chỉ ứng dụng khách khác nhau cho các vị trí khác nhau bằng nginx không

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.