Configure NGINX for mutual TLS authentication
Configuration Prerequisite
It is assumed that certificate generation occurs on another machine. Before you configure NGINX, transfer the following files to the Tufin machine:
- server.crt
- server.key
- ca.crt
Configuration
Add the following lines to the stream/server section of the NGINX config file /etc/nginx/nginx.conf:
listen 6514 ssl;
proxy_pass localhost:10514;
ssl_certificate <full path to certificate dir>/server.crt;
ssl_certificate_key <full path to certificate dir>/server.key;
ssl_client_certificate <full path to certificate dir>/ca.crt;
ssl_verify_client on;
ssl_protocols TLSv1.2;
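
The check below is an added example, not part of the original page or of any vendor tooling: a small Python linter that reads nginx.conf text and reports when the stream server on port 6514 lacks one of the directives above or does not enforce client certificates. The sample config, the /etc/nginx/certs path, and the function names are constructed for illustration.

```python
import re
REQUIRED = ("ssl_certificate", "ssl_certificate_key", "ssl_client_certificate")
OLD = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def stream_servers(conf):
    """Yield {directive: [arg lists]} per stream server block (no quoted '#', '{', ';')."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    stack, words, server = [], [], None
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        in_server = stack == ["stream", "server"]
        if tok == "{":
            stack.append(words[0] if words else "")
            if stack == ["stream", "server"]:
                server = {}
        elif tok == "}":
            if in_server:
                yield server
            if stack:
                stack.pop()
        elif in_server and words:
            server.setdefault(words[0], []).append(words[1:])
        words = []

def lint_mtls(conf, port="6514"):
    """Return findings for the stream server listening on `port` (empty list = OK)."""
    for srv in stream_servers(conf):
        listens = [a for a in srv.get("listen", []) if a and a[0].rsplit(":", 1)[-1] == port]
        if not listens:
            continue
        out = [] if any("ssl" in a[1:] for a in listens) else ["listen has no ssl parameter"]
        out += [f"{d} is missing" for d in REQUIRED if d not in srv]
        verify = srv.get("ssl_verify_client", [["off"]])[-1]  # nginx default: off
        if verify != ["on"]:
            out.append(f"ssl_verify_client {' '.join(verify)}: client certificate not enforced")
        old = sorted(OLD & set(srv.get("ssl_protocols", [[]])[-1]))
        if old:
            out.append("ssl_protocols allows " + ", ".join(old))
        return out
    return [f"no stream server listens on port {port}"]

# Constructed sample; /etc/nginx/certs is a placeholder directory.
GOOD = """stream { server {
    listen 6514 ssl; proxy_pass localhost:10514;
    ssl_certificate /etc/nginx/certs/server.crt; ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_client_certificate /etc/nginx/certs/ca.crt;
    ssl_verify_client on; ssl_protocols TLSv1.2; } }"""
WEAK = GOOD.replace("client on", "client optional").replace("TLSv1.2", "TLSv1 TLSv1.2")
```

nginx -t validates syntax only, so a config with ssl_verify_client set to optional or left out passes it while still accepting clients that present no certificate.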