在没有SSL Manager插件的情况下，如何使用HTTP Sender提交客户端证书? [英] How can I use HTTP Sender to submit a client certificate without the SSL Manager Plugin?

问题描述

我们有一个Mirth服务器，该服务器不受支持合同的约束，该合同需要POST到客户端证书身份验证的HTTPs服务.由于证书是自签名的，因此将其添加到appdata\keystore.jks 似乎不起作用.

We have a Mirth server which is not under a support contract which needs to POST to a client-certificate authenticated HTTPs service. Since the certificate is self-signed, adding it to appdata\keystore.jks doesn't seem to work.

如何在不花大钱的情况下为HTTP Sender目标明确指定客户端证书?

How can I explicitly specify a client certificate for a HTTP Sender destination without forking over the big bucks?

推荐答案

创建nginx反向代理.这样，Mirth只需在HTTP上进行连接-nginx提交客户端证书.

Create an nginx reverse proxy. That way, Mirth only has to connect on HTTP - nginx submits the client certificate.

对于Windows:

1. 解压缩nginx
2. 更新conf \ nginx.conf
3. 设置为以nssm服务

1. Unzip nginx
2. Update conf\nginx.conf
3. Set to start as a service with nssm

为了简单起见，我用以下内容替换了nginx.conf，仅监听了 http://127.0.0.1: 8106/:

I replaced nginx.conf with the below to keep things simple, listening only on http://127.0.0.1:8106/:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    server {
        listen 127.0.0.1:8106;
        server_name localhost;

        location / {
            proxy_pass https://upstream-server;

            # To generate a key&crt from pfx:
            # openssl pkcs12 -in client-certificate.pfx -nocerts -out client-certificate.key -nodes
            # openssl pkcs12 -in client-certificate.pfx -clcerts -nokeys -out client-certificate.crt

            proxy_ssl_certificate "C:/path/to/nginx-1.15.3/conf/client-certificate.crt";
            proxy_ssl_certificate_key "C:/path/to/nginx-1.15.3/conf/client-certificate.key";
        }
    }
}

这篇关于在没有SSL Manager插件的情况下，如何使用HTTP Sender提交客户端证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！