International
中国站
Console
PrevNext
search by keyword

Recent Pages

Documentation
Instant Messaging
    Documentation

    Configuring Mutual Authentication with NGINX

    Last updated: 2020-05-14 18:41:37

      Configuration Process for Nginx HTTPS Mutual Authentication

      This document uses the third-party developer domain name http://www.example.com as an example. The following two cases may arise:

      • The third-party developer already has a certificate issued by an authoritative third party.

        • The developer prepares the certificate www.example.com.crt issued by and the private key www.example.com.key assigned by the authoritative third party for www.example.com. Note that the certificate must be issued by an authoritative third party, such as Topway or GlobalSign.
        • IM provides the developer backend with a CA certificate TencentQQAuthCA.crt, which is used to verify the certificate of the requesting party (IM).
        • Configure by referring to the Reference for Nginx HTTPS Mutual Authentication Configuration below.

      • The third-party developer sends an application to IM, requesting IM to issue a certificate for its domain name.

        • The developer configures the callback URL, such as www.example.com, in the console.
        • IM issues the certificate www.example.com.crt and assigns the private key www.example.com.key to the developer with the domain name www.example.com. The developer can download the certificate from the console.
        • IM provides the developer backend with a CA certificate TencentQQAuthCA.crt, which is used to verify the certificate of the requesting party (IM).
        • Perform configuration by referring to the Reference for Nginx HTTPS Mutual Authentication Configuration below.

      Reference for Nginx HTTPS Mutual Authentication Configuration

      1. Copy www.example.com.crt, www.example.com.key, and TencentQQAuthCA.crt to the conf folder under the Nginx installation directory.
      2. Modify the nginx.conf file. The reference configuration is as follows:
        server {
 listen 443 ssl;
 ssl_protocols TLSv1 TLSv1.1;
 server_name            www.example.com; # Domain name
 ssl_certificate        www.example.com.crt; # Certificate issued by Tencent to the third party
 ssl_certificate_key    www.example.com.key; # Private key paired with the certificate
 ssl_verify_client on; # Verify the request source
 ssl_client_certificate TencentQQAuthCA.crt; # CA certificate authenticated by Tencent
 location / {
     root   html;
     index  index.html index.htm;
 }
}

      Was this page helpful?

      Confirm

      Was this page helpful?

      • Not at all
      • Not very helpful
      • Somewhat helpful
      • Very helpful
      • Extremely helpful
      Send Feedback
      Hide
      Submit a TicketContact sales
      Help
        tencent
        Copyright © 2013-2020 Tencent Cloud. All Rights Reserved.
        Privacy PolicyTerms of ServiceCookie Policy