Using client certificate to access domain name

1. The problem I’m having:

I want to protect somehow some DNS reverse proxied by Caddy, via self-signed certificates.
In general, when accessing (just example DNS), users should have a certain certificate in their store or wherever to be able to open the website, otherwise DNS errors or whatever is shown.
In my case, I have this error
accessing via Windows - Google Chrome.
Certificates were generated via the following commands:

openssl genpkey -algorithm RSA -out ca.key
openssl req -x509 -new -key ca.key -out ca.crt

openssl genpkey -algorithm RSA -out client.key
openssl req -new -key client.key -out client.csr

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt

ca.crt is added into trust store in Windows
client.crt is added into Personal store in Windows

2. Error messages and/or full log output:


3. Caddy version:


4. How I installed and ran Caddy:

docker compose

a. System environment:

docker compose

b. Command:

docker compose

c. Service/unit/compose file:

docker compose

d. My complete Caddy config:

} {
        handle {
                reverse_proxy p-padmn:80
        }
        log {
                output file /var/log/caddy/
                format json
        }
        tls {
                client_auth {
                        mode require_and_verify
                        trusted_ca_cert_file /opt/ca.crt
                }
        }
}

5. Links to relevant resources:

You’d have to import the client certificate directly into Chrome or use a browser like Microsoft Edge which natively reads Credential Manager.

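The import step from the reply above, as an added example that is not part of the original thread: a client can only present a certificate for which it also holds the private key, so the importable artifact is a PKCS#12 file containing both `client.crt` and `client.key`. The subject names, the export password, the output directory and the `clientAuth` extension file are assumptions of this sketch.

```shell
# Added example (not from the thread). Subject names, the export password
# and the output directory are constructed placeholders.

# Create a CA, a client certificate and an importable PKCS#12 bundle in $1.
make_client_bundle() (
    dir=$1; pass=${2:-changeit}
    mkdir -p "$dir" && cd "$dir" || exit 1
    # CA key and self-signed CA certificate; -subj avoids the prompts.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key 2>/dev/null &&
    openssl req -x509 -new -key ca.key -sha256 -days 365 \
        -subj "/CN=Example Client CA" -out ca.crt &&
    # Client key and signing request.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out client.key 2>/dev/null &&
    openssl req -new -key client.key -subj "/CN=example-user" -out client.csr &&
    # Sign the request and mark the certificate for TLS client authentication.
    printf 'extendedKeyUsage = clientAuth\n' > client.ext &&
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile client.ext -out client.crt 2>/dev/null &&
    # Certificate and private key together: this is the file the client imports.
    openssl pkcs12 -export -inkey client.key -in client.crt -certfile ca.crt \
        -name example-user -passout "pass:$pass" -out client.p12
)

# Succeeds only if client.crt chains to ca.crt and is usable as a TLS client cert.
client_cert_valid() {
    openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null 2>&1
}

# Succeeds only if the bundle contains a private key, not just a certificate.
bundle_has_key() {
    openssl pkcs12 -in "$1/client.p12" -passin "pass:${2:-changeit}" \
        -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'
}

# Stand-alone run: build everything in a scratch directory and check it.
demo_dir=$(mktemp -d)
make_client_bundle "$demo_dir" && client_cert_valid "$demo_dir" &&
    bundle_has_key "$demo_dir" && echo "bundle ready: $demo_dir/client.p12"
```

Import `client.p12` rather than `client.crt` alone; `ca.crt` is the file that `trusted_ca_cert_file` in the Caddy config points to.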

That’s a very old version, please upgrade to the latest.
