Support TLS client side certificates

nginx / unit

NGINX Unit - universal web app server - a lightweight and versatile open source server that simplifies the application stack by natively executing application code across eight different programming language runtimes.

https://unit.nginx.org

Apache License 2.0

5.37k stars 323 forks source link

Support TLS client side certificates #225

Open zueve opened 5 years ago

zueve commented 5 years ago

Could you add support authentication by SSL/TLS client side certificates (https://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake) for NGINX Unit (like nginx with option ssl_client_certificate).

tippexs commented 1 year ago

This is still a very important feature / requirement but would mean we have to introduce the SSLClient side in NGINX Unit. This task has not beed started yet but for this reason I will keep the issue open and assign it to an engineer as soon as possible.

kylecotter commented 1 week ago

Would also love to see support for this!

Cloudflare and NGINX Unit have been a great combination for us.

Being able to leverage Cloudflare’s authenticated origin pull setup (which requires these certificates) directly with NGINX Unit would be amazing. Thanks for all your work!

javorszky commented 5 days ago

@kylecotter would you be able to add more detail to this? How are you using or planning to use Unit in Cloudflare's environment, and what's stopping you currently from doing it? There are a lot of moving parts in implementing client side certificates, so we'd like to get this right and fit for purpose.