Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for rfc9440 cert headers #165

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

add support for rfc9440 cert headers #165

wants to merge 5 commits into from
+146 −21

Conversation

jessepeterson
Copy link
Member

@jessepeterson jessepeterson commented Jan 30, 2025
edited
Loading

Per the updated operations guide:

With the -cert-header switch you can specify the name of an HTTP header that is passed to NanoMDM to instead read the client identity certificate from. The format of the header is parsed as RFC 9440 if it begins with a colon, otherwise a URL query-escaped PEM certificate is assumed.

RFC 9440 specifies a Base-64 encoded DER certificate surrounded by colons. The URL query-escaped PEM certificate is ostensibly to support Nginx' $ssl_client_escaped_cert in a proxy_set_header directive. Though any reverse proxy setting similar headers can be used, of course. Again the SignMessage key in the enrollment profile should be set appropriately (i.e. to false or not set, if you're using this switch).

NOTE
NanoMDM v0.7.0 and below do not support RFC 9440 header parsing, only URL query-escaped PEM certificates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jessepeterson