Using client certificate to access domain name

1. The problem I’m having:


I want to protect somehow some DNS reverse proxied by Caddy, via self-signed certificates.
In general, when accessing padmn.mehdikammakh.com (just an example DNS), users should have a certain certificate in their store or wherever to be able to open the website; otherwise DNS errors or whatever is shown.
In my case, I have this error:
ERR_BAD_SSL_CLIENT_AUTH_CERT
accessing via Windows - Google Chrome.
The certificates were generated via the following commands:

```
openssl genpkey -algorithm RSA -out ca.key
openssl req -x509 -new -key ca.key -out ca.crt

openssl genpkey -algorithm RSA -out client.key
openssl req -new -key client.key -out client.csr

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt
```

ca.crt is added into trust store in Windows
client.crt is added into Personal store in Windows

2. Error messages and/or full log output:


3. Caddy version:

caddy:2.5.2-alpine

4. How I installed and ran Caddy:

docker compose

a. System environment:

docker compose

b. Command:

docker compose

c. Service/unit/compose file:

docker compose

d. My complete Caddy config:

```
{
	email info@innoyadev.fr
}
padmn.mehdikammakh.com {
	handle {
		reverse_proxy p-padmn:80
	}
	log {
		output file /var/log/caddy/padmn.scouts-tn.org-access.log
		format json
	}
	tls {
		client_auth {
			mode require_and_verify
			trusted_ca_cert_file /opt/ca.crt
		}
	}
}
```

5. Links to relevant resources:

You’d have to import the client certificate directly into Chrome or use a browser like Microsoft Edge which natively reads Credential Manager.


That’s a very old version, please upgrade to the latest.
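Added example (not from the thread participants or from Caddy's documentation): a non-interactive version of the question's OpenSSL steps that also marks the client certificate for TLS client authentication, verifies it against the CA, and bundles certificate and private key into a PKCS#12 file, since a client can only present a certificate whose private key it holds. The subject names, the `changeit` password and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example; subject names and the "changeit" password are constructed.
set -eu

make_client_identity() {   # $1 = output directory, $2 = password for the .p12
    dir=$1; pass=$2
    mkdir -p "$dir"
    # CA key and self-signed CA certificate (-subj avoids the interactive prompts)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/ca.key" 2>/dev/null
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 365 \
        -subj "/CN=Example Client CA" -out "$dir/ca.crt"
    # Client key and certificate signing request
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/client.key" 2>/dev/null
    openssl req -new -key "$dir/client.key" -subj "/CN=alice" -out "$dir/client.csr"
    # Extensions that mark the result as a TLS client certificate
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth\n' \
        > "$dir/client.ext"
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$dir/client.ext" \
        -out "$dir/client.crt" 2>/dev/null
    # Certificate + private key in one file: this is what gets imported on the client
    openssl pkcs12 -export -inkey "$dir/client.key" -in "$dir/client.crt" \
        -certfile "$dir/ca.crt" -name alice -passout "pass:$pass" -out "$dir/client.p12"
}

chain_ok() {   # $1 = directory; does client.crt verify against ca.crt?
    openssl verify -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1
}

key_matches_cert() {   # $1 = directory; same public key in client.key and client.crt?
    a=$(openssl pkey -in "$1/client.key" -pubout | openssl sha256)
    b=$(openssl x509 -in "$1/client.crt" -noout -pubkey | openssl sha256)
    [ "$a" = "$b" ]
}

p12_has_key() {   # $1 = directory, $2 = password; does the bundle hold a private key?
    openssl pkcs12 -in "$1/client.p12" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# Demo run in a throwaway directory
work=$(mktemp -d)
make_client_identity "$work" changeit
chain_ok "$work" && key_matches_cert "$work" && p12_has_key "$work" changeit \
    && echo "client identity ready: $work/client.p12"
```

The resulting `ca.crt` is the file that `trusted_ca_cert_file` in the Caddyfile above points at; `client.key` and `ca.key` never need to be on the server.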
