Configure NGINX for mutual TLS authentication

Configuration Prerequisite

It is assumed that certificate generation occurs on another machine. Before you configure NGINX, transfer the following files to the Tufin machine:

  • server.crt
  • server.key
  • ca.crt

Configuration

Add the following lines to the server block inside the stream section of the NGINX config file /etc/nginx/nginx.conf:

    listen 6514 ssl;
    proxy_pass localhost:10514;
    ssl_certificate <full path to certificate dir>/server.crt;
    ssl_certificate_key <full path to certificate dir>/server.key;
    ssl_client_certificate <full path to certificate dir>/ca.crt;
    ssl_verify_client on;
    ssl_protocols TLSv1.2;

With ssl_verify_client set to on, NGINX requires every client connecting to port 6514 to present a certificate signed by the CA in ca.crt and rejects the connection otherwise; only verified traffic is forwarded to localhost:10514. The ssl_protocols line restricts the listener to TLS 1.2.
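As an added example (not Tufin's or NGINX's own code), the script below shows the directives above placed in a complete stream block and a small static check to run before nginx -t: it confirms that client verification is mandatory, that a CA bundle is configured, and that no pre-1.2 protocol is enabled. The certificate directory /etc/nginx/certs and the weak variant of the configuration are constructed for the example and are not from the page.

```shell
#!/bin/sh
# Added example, not the page's own code. Static check of the mutual-TLS
# directives in an nginx stream block. The /etc/nginx/certs path is assumed.

# Constructed nginx.conf fragment: the TLS syslog listener on 6514,
# forwarding verified client traffic to the local collector on 10514.
CONFIG_GOOD='stream {
    server {
        listen 6514 ssl;
        proxy_pass localhost:10514;
        ssl_certificate /etc/nginx/certs/server.crt;
        ssl_certificate_key /etc/nginx/certs/server.key;
        ssl_client_certificate /etc/nginx/certs/ca.crt;
        ssl_verify_client on;
        ssl_protocols TLSv1.2;
    }
}'

# Constructed weak variant: client verification left optional (clients
# without a certificate are still accepted) and TLS 1.0 enabled.
CONFIG_WEAK='stream {
    server {
        listen 6514 ssl;
        proxy_pass localhost:10514;
        ssl_certificate /etc/nginx/certs/server.crt;
        ssl_certificate_key /etc/nginx/certs/server.key;
        ssl_client_certificate /etc/nginx/certs/ca.crt;
        ssl_verify_client optional;
        ssl_protocols TLSv1 TLSv1.2;
    }
}'

# directive_value CONFIG NAME: print the value of the first NAME directive.
# The trailing space in the pattern keeps ssl_certificate from matching
# ssl_certificate_key.
directive_value() {
    printf '%s\n' "$1" \
        | sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\(.*\);[[:space:]]*\$/\1/p" \
        | head -n 1
}

# check_mtls_config CONFIG: return 0 only when the listener is TLS, client
# certificates are mandatory, a CA bundle is set, and only TLS 1.2/1.3 is allowed.
check_mtls_config() {
    cfg="$1"
    case " $(directive_value "$cfg" listen) " in
        *" ssl "*) ;;
        *) echo "FAIL: listen directive lacks the ssl parameter" >&2; return 1 ;;
    esac
    verify=$(directive_value "$cfg" ssl_verify_client)
    if [ "$verify" != "on" ]; then
        echo "FAIL: ssl_verify_client is '${verify:-unset}', must be 'on'" >&2
        return 1
    fi
    if [ -z "$(directive_value "$cfg" ssl_client_certificate)" ]; then
        echo "FAIL: ssl_client_certificate missing, nothing to verify clients against" >&2
        return 1
    fi
    protos=$(directive_value "$cfg" ssl_protocols)
    if [ -z "$protos" ]; then
        echo "FAIL: ssl_protocols not set; the nginx default depends on the version" >&2
        return 1
    fi
    for p in $protos; do
        case "$p" in
            TLSv1.2|TLSv1.3) ;;
            *) echo "FAIL: ssl_protocols enables $p; allow only TLSv1.2 or TLSv1.3" >&2
               return 1 ;;
        esac
    done
    echo "OK: mutual TLS enforced on listen $(directive_value "$cfg" listen)"
    return 0
}

# On a real host: check_mtls_config "$(cat /etc/nginx/nginx.conf)" && nginx -t
check_mtls_config "$CONFIG_GOOD"
check_mtls_config "$CONFIG_WEAK" || echo "weak config rejected as expected"
```

Run it after copying the three files into place and before reloading NGINX; a FAIL line names the directive to correct. The check is a complement to nginx -t, which validates syntax but not whether client verification is actually switched on.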