Configure NGINX for mutual TLS authentication

Configuration Prerequisite

It is assumed that certificate generation occurs on another machine. Before you configure NGINX, transfer the following files to the Tufin machine:

• server.crt
• server.key
• ca.crt

Configuration

Add the following lines to the stream/server section of the NIGINX config file /etc/nginx/nginx.conf:

listen 6514 ssl;

proxy_pass localhost:10514;

ssl_certificate <full path to ceritifcate dir>/server.crt;

ssl_certificate_key <full path to ceritifcate dir>/server.key;

ssl_client_certificate <full path to ceritifcate dir>/ca.crt;

ssl_verify_client on;

ssl_protocols TLSv1.2;