HTTPS/TLS with Custom Nginx configuration

Abhi_Desai · October 16, 2019, 3:09pm

Hi,

We have a requirement where we would like to turn on TLS for all the public APIs (non Admin). I have turned on TLS using Nginx configuration by changing following properties:
ssl=on
ssl_cert=/path-to-cert
ssl_cert_key=/path-to-cert-key

List of properties available here:

And this is working with Server (one way) authentication.

I would like to have mutual authentication implemented (from both client and server side) on TLS.

There is a plugin ’ Mutual TLS Authentication’ which supports this however I am using Kong Community edition.

How can you implement this using Nginx configuration changes? And how can I test this?

hbagdi · October 16, 2019, 6:14pm

This is bundled in the Enterprise version of Kong:

You can also do client authentication for every service and consumer using the following Nginx directive:

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate

Abhi_Desai · October 17, 2019, 8:02am

Thanks Harry,

Do you know what are the properties client_ssl, client_ssl_cert and client_ssl_cert_key for on the below page?

And not sure why do we have client_ssl_cert_key as we won’t need the key for Client auth?

hbagdi · October 17, 2019, 6:38pm

You need to use Nginx directive injection for this purpose:

I’m not sure what you are referring to here. You only need to inject the directives you need.