I am trying to configure the NGINX ingress controller so that it can also validate a unique CN or Subject name coming from the client. The reason is that we only want a client to be configured to access the NGINX ingress controller, and the rest of the clients, which are signed using the same CA & key, can be dropped.
```
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=testAuthority
        Validity
            Not Before: Apr 5 08:02:23 2020 GMT
            Not After : Apr 5 08:02:23 2021 GMT
        Subject: CN=**client**
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    <snipped>
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
        <snipped>
-----BEGIN CERTIFICATE-----
<snipped>
-----END CERTIFICATE-----
```
If a request to the NGINX controller is received with the above certificate (matched on Subject CN, certificate key, or fingerprint), then it should be forwarded to the backend. The rest of the certificates should be rejected.

If there is some annotation or ConfigMap that could be configured in the Ingress, it would be helpful.
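
One way to express the requirement above with ingress-nginx annotations, as an added example that is not part of the original post: the `auth-tls-*` annotations enforce the CA check, and a `configuration-snippet` rejects any verified certificate whose subject is not exactly `CN=client`. The namespace, host, secret and service names are hypothetical, and the controller is assumed to permit snippet annotations (the `allow-snippet-annotations` ConfigMap setting).

```yaml
# Added example; namespace, host, secret and service names are hypothetical.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pinned-client-ingress
  namespace: demo
  annotations:
    # Secret "demo/client-ca" holds the issuing CA (CN=testAuthority) under the key ca.crt.
    nginx.ingress.kubernetes.io/auth-tls-secret: "demo/client-ca"
    # Fail the TLS handshake check unless a certificate signed by that CA is presented.
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
    # Runs inside the generated location block, after CA verification.
    # $ssl_client_s_dn is the subject DN in RFC 2253 form; an exact string
    # comparison avoids also admitting subjects such as CN=client2.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($ssl_client_s_dn != "CN=client") {
        return 403;
      }
      # Stricter alternative: pin the exact certificate instead of the name.
      # $ssl_client_fingerprint is the SHA-1 fingerprint in lowercase hex.
      # if ($ssl_client_fingerprint != "<sha1-fingerprint-of-client-cert>") {
      #   return 403;
      # }
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.test
      secretName: app-server-tls
  rules:
    - host: app.example.test
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend
                port:
                  number: 80
```

Matching on the subject admits any certificate the CA later issues with `CN=client`; the fingerprint comparison admits only the one certificate but has to be updated whenever that certificate is renewed.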