View Single Post
  #5   (View Single Post)  
Old 1st April 2015
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Posts: 429

Yeah, as jggimi pointed out, you would use client-side certificates (as a hard requirement, not a soft requirement) in nginx such that traffic couldn't hit the actual backend webserver until the client presented a valid signed certificate (which you could sign if you ran your own internal CA).

But like you said, distribution of the client-side certs would be a headache.
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
Reply With Quote