如何在没有 SSL 管理器插件的情况下使用 HTTP Sender 提交客户端证书?
How can I use HTTP Sender to submit a client certificate without the SSL Manager Plugin?
我们有一个 Mirth 服务器,它不在需要 POST 客户端证书身份验证的 HTTPs 服务的支持合同下。由于证书是自签名的,adding it to appdata\keystore.jks 似乎不起作用。
如何在不花大价钱的情况下为 HTTP 发件人目的地明确指定客户端证书?
创建一个 nginx 反向代理。这样,Mirth 只需连接到 HTTP - nginx 提交客户端证书。
对于windows:
- Unzip nginx
- 更新conf\nginx.conf
- Set to start as a service with nssm
为了简单起见,我将 nginx.conf 替换为以下内容,仅在 http://127.0.0.1:8106/:
上收听
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server {
listen 127.0.0.1:8106;
server_name localhost;
location / {
proxy_pass https://upstream-server;
# To generate a key&crt from pfx:
# openssl pkcs12 -in client-certificate.pfx -nocerts -out client-certificate.key -nodes
# openssl pkcs12 -in client-certificate.pfx -clcerts -nokeys -out client-certificate.crt
proxy_ssl_certificate "C:/path/to/nginx-1.15.3/conf/client-certificate.crt";
proxy_ssl_certificate_key "C:/path/to/nginx-1.15.3/conf/client-certificate.key";
}
}
}
我们有一个 Mirth 服务器,它不在需要 POST 客户端证书身份验证的 HTTPs 服务的支持合同下。由于证书是自签名的,adding it to appdata\keystore.jks 似乎不起作用。
如何在不花大价钱的情况下为 HTTP 发件人目的地明确指定客户端证书?
创建一个 nginx 反向代理。这样,Mirth 只需连接到 HTTP - nginx 提交客户端证书。
对于windows:
- Unzip nginx
- 更新conf\nginx.conf
- Set to start as a service with nssm
为了简单起见,我将 nginx.conf 替换为以下内容,仅在 http://127.0.0.1:8106/:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server {
listen 127.0.0.1:8106;
server_name localhost;
location / {
proxy_pass https://upstream-server;
# To generate a key&crt from pfx:
# openssl pkcs12 -in client-certificate.pfx -nocerts -out client-certificate.key -nodes
# openssl pkcs12 -in client-certificate.pfx -clcerts -nokeys -out client-certificate.crt
proxy_ssl_certificate "C:/path/to/nginx-1.15.3/conf/client-certificate.crt";
proxy_ssl_certificate_key "C:/path/to/nginx-1.15.3/conf/client-certificate.key";
}
}
}