在没有SSL Manager插件的情况下,如何使用HTTP Sender提交客户端证书? [英] How can I use HTTP Sender to submit a client certificate without the SSL Manager Plugin?
问题描述
我们有一个Mirth服务器,该服务器不受支持合同的约束,该合同需要POST
到客户端证书身份验证的HTTPs服务.由于证书是自签名的,因此将其添加到appdata\keystore.jks
似乎不起作用.
We have a Mirth server which is not under a support contract which needs to POST
to a client-certificate authenticated HTTPs service. Since the certificate is self-signed, adding it to appdata\keystore.jks
doesn't seem to work.
如何在不花大钱的情况下为HTTP Sender目标明确指定客户端证书?
How can I explicitly specify a client certificate for a HTTP Sender destination without forking over the big bucks?
推荐答案
创建nginx反向代理.这样,Mirth只需在HTTP上进行连接-nginx提交客户端证书.
Create an nginx reverse proxy. That way, Mirth only has to connect on HTTP - nginx submits the client certificate.
对于Windows:
- 解压缩nginx
- 更新conf \ nginx.conf
- 设置为以nssm服务
- Unzip nginx
- Update conf\nginx.conf
- Set to start as a service with nssm
为了简单起见,我用以下内容替换了nginx.conf
,仅监听了 http://127.0.0.1: 8106/:
I replaced nginx.conf
with the below to keep things simple, listening only on http://127.0.0.1:8106/:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server {
listen 127.0.0.1:8106;
server_name localhost;
location / {
proxy_pass https://upstream-server;
# To generate a key&crt from pfx:
# openssl pkcs12 -in client-certificate.pfx -nocerts -out client-certificate.key -nodes
# openssl pkcs12 -in client-certificate.pfx -clcerts -nokeys -out client-certificate.crt
proxy_ssl_certificate "C:/path/to/nginx-1.15.3/conf/client-certificate.crt";
proxy_ssl_certificate_key "C:/path/to/nginx-1.15.3/conf/client-certificate.key";
}
}
}
这篇关于在没有SSL Manager插件的情况下,如何使用HTTP Sender提交客户端证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!