Nginx Two-Way Certificate Verification: Certificate-Based Mutual TLS Authentication Using Nginx

Additional layer of security for your Flask or FastAPI server

You will learn to create self-signed server certificates in order to serve your web application over HTTPS. Later on, you can easily swap them for certificates issued by a certificate authority for your server.

In addition, this article will also cover two-way authentication between server and client using certificates. Users are required to install the relevant certificates in their browser before they can access your web application. This method provides an alternative to the usual username-password authentication. Have a look at the following image for an overview of mutual TLS authentication.

It is mostly used in workplaces or universities, where users can only access internal websites from the company's computers that have the right certificates installed. One major advantage is that no password removal or creation is required in the event that an employee resigns from his/her job or there is an intake of new students at the university. Please bear in mind that such authentication is just another way to secure your application. In fact, you can even combine it with username-password authentication for better security. It largely depends on your use cases.
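
As an added illustration (not part of the original article), the Nginx server block below shows the directives that enforce the two-way check described above in front of a Flask or FastAPI backend. The file paths, host name, backend address and header names are assumptions chosen for the example.

```nginx
# Added example: paths, server_name and the upstream address are assumptions.
server {
    listen 443 ssl;
    server_name app.example.internal;            # placeholder host name

    # Server half of the handshake: the certificate the browser verifies.
    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;

    # Client half of the handshake: the CA that signed the client certificates.
    # Only certificates chaining to this CA are accepted.
    ssl_client_certificate /etc/nginx/certs/ca.crt;
    ssl_verify_depth 1;                           # client certs issued directly by that CA

    # "on" rejects any request without a valid client certificate with
    # HTTP 400 before it reaches the backend.
    # The weaker "optional" setting lets every request through, so the
    # application must then check $ssl_client_verify for "SUCCESS" itself.
    ssl_verify_client on;

    # If the CA publishes a revocation list, load it so that withdrawn
    # client certificates stop working (the file must exist at start-up).
    # ssl_crl /etc/nginx/certs/ca.crl;

    location / {
        # Assumed backend: Flask/FastAPI bound to loopback only, so it
        # cannot be reached without passing through this server block.
        proxy_pass http://127.0.0.1:5000;

        # Pass the verification result and certificate subject to the app.
        # proxy_set_header replaces any value of the same name sent by the client.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
    }
}
```

Run `nginx -t` after editing to validate the configuration before reloading.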

1. Setup

I am using Ubuntu 18.04.5 LTS (Bionic Beaver) for this tutorial. You can check the OS version of your local machine via the following command:

cat /etc/os-release

Before you continue, make sure that you have installed both Nginx and OpenSSL on your machine.

Nginx

Run the following command to check if Nginx is installed on your machine.

nginx -v

OpenSSL

As for OpenSSL, you can easily check it as follows:

openssl version -a

If it is not installed, kindly refer to the following link to install it.

Let’s proceed to the next section to generate the required certificates and private keys using OpenSSL.

2. OpenSSL

Server Certificate and Key

Change the working directory
