Closed qq1176914912 closed 1 week ago
Could you check the following points?
- By default, SimpleIdServer is configured to accept client certificates from the HTTP header `ssl-client-cert`. Could you check if nginx is correctly configured to transmit the certificate via this header? The configuration should look something like this:

  ```nginx
  server {
      listen 443 ssl;
      ...
      ssl_verify_client optional_no_ca;
      location / {
          proxy_set_header ssl-client-cert $ssl_client_escaped_cert;
      }
  }
  ```
- Could you also verify that the Certificate Authority used to issue the Client certificate is trusted by the Docker instance hosting the Identity Server?
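What a backend receives in the `ssl-client-cert` header from the nginx configuration above, as an added example that is not part of this thread and not SimpleIdServer's code: it decodes the urlencoded PEM produced by `$ssl_client_escaped_cert` and fails with the thread's "certificate is required" message when the header is missing. The function names and sample bytes are constructed for illustration; since `optional_no_ca` makes nginx skip chain verification, the backend still has to validate the decoded certificate against its trusted CA.

```python
import base64
import hashlib
import re
from urllib.parse import quote, unquote

HEADER = "ssl-client-cert"  # header name taken from the nginx config above
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def extract_forwarded_cert(headers):
    """Return (der_bytes, sha256_hex) for the forwarded certificate.

    Raises ValueError when the header is absent, empty, or not a PEM block.
    """
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get(HEADER, "")
    if not raw.strip():
        # With no client certificate the nginx variable is empty and
        # proxy_set_header does not forward the header at all.
        raise ValueError("certificate is required")
    pem = unquote(raw)  # $ssl_client_escaped_cert is the urlencoded PEM
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("header does not contain a PEM certificate")
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("PEM body is not valid base64") from exc
    return der, hashlib.sha256(der).hexdigest()


def make_sample_header(der):
    """Build the header value nginx would forward for these DER bytes."""
    body = base64.encodebytes(der).decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"
    return quote(pem, safe="")


# Constructed placeholder bytes, not a real X.509 certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-sample" * 4

if __name__ == "__main__":
    value = make_sample_header(SAMPLE_DER)
    print(extract_forwarded_cert({"SSL-Client-Cert": value})[1])
```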
At the same time, with your configuration and the appsetting `IsClientCertificateEnabled` set to true, it succeeded. But I found a problem: the configuration keys used for certificate forwarding were inconsistent.
This issue is fixed in the branch Release503
Hello, excuse me, I have a question I would like to ask. It is as follows: I deployed project 5001 with Docker, the open port is 80, and I used nginx to bind the domain name and listen on port 443. When the client accesses the domain name on port 443, nginx forwards the request to project 5001. While testing the CIBA sample (https://simpleidserver.com/docs/tutorial/ciba/) I ran into a problem: it needs mTLS, so the root certificate also needs to be installed on the server in 5001. Do I just need to install the root certificate inside the Docker container of project 5001, or does nginx need to be configured as well? At present, I have installed the root certificate inside Docker and used `openssl verify -CAfile` inside it to verify the CIBA client certificate, which passed, but the sample request still shows:

```json
{ "error": "invalid_request", "error_description": "certificate is required" }
```

So I thought I'd come and ask you.