问题
We have a Mirth server which is not under a support contract which needs to POST to a client-certificate authenticated HTTPs service. Since the certificate is self-signed, adding it to appdata\keystore.jks doesn't seem to work.
How can I explicitly specify a client certificate for a HTTP Sender destination without forking over the big bucks?
回答1:
Create an nginx reverse proxy. That way, Mirth only has to connect on HTTP - nginx submits the client certificate.
For windows:
- Unzip nginx
- Update conf\nginx.conf
- Set to start as a service with nssm
I replaced nginx.conf with the below to keep things simple, listening only on http://127.0.0.1:8106/:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server {
listen 127.0.0.1:8106;
server_name localhost;
location / {
proxy_pass https://upstream-server;
# To generate a key&crt from pfx:
# openssl pkcs12 -in client-certificate.pfx -nocerts -out client-certificate.key -nodes
# openssl pkcs12 -in client-certificate.pfx -clcerts -nokeys -out client-certificate.crt
proxy_ssl_certificate "C:/path/to/nginx-1.15.3/conf/client-certificate.crt";
proxy_ssl_certificate_key "C:/path/to/nginx-1.15.3/conf/client-certificate.key";
}
}
}
来源:https://stackoverflow.com/questions/52414239/how-can-i-use-http-sender-to-submit-a-client-certificate-without-the-ssl-manager