How can I use HTTP Sender to submit a client certificate without the SSL Manager Plugin?

2k views Asked by At

We have a Mirth server which is not under a support contract which needs to POST to a client-certificate authenticated HTTPs service. Since the certificate is self-signed, adding it to appdata\keystore.jks doesn't seem to work.

How can I explicitly specify a client certificate for a HTTP Sender destination without forking over the big bucks?

1

There are 1 answers

0
Mitch On BEST ANSWER

Create an nginx reverse proxy. That way, Mirth only has to connect on HTTP - nginx submits the client certificate.

For windows:

  1. Unzip nginx
  2. Update conf\nginx.conf
  3. Set to start as a service with nssm

I replaced nginx.conf with the below to keep things simple, listening only on http://127.0.0.1:8106/:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    server {
        listen 127.0.0.1:8106;
        server_name localhost;

        location / {
            proxy_pass https://upstream-server;

            # To generate a key&crt from pfx:
            # openssl pkcs12 -in client-certificate.pfx -nocerts -out client-certificate.key -nodes
            # openssl pkcs12 -in client-certificate.pfx -clcerts -nokeys -out client-certificate.crt

            proxy_ssl_certificate "C:/path/to/nginx-1.15.3/conf/client-certificate.crt";
            proxy_ssl_certificate_key "C:/path/to/nginx-1.15.3/conf/client-certificate.key";
        }
    }
}