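Since ELB doesn't support two-way SSL authentication, you should verify the certificate on your nginx server.
You can configure your nginx server like this to accept client certificates from API Gateway.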
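
    server {
        # "ssl on;" is deprecated; enable TLS on the listen directive instead
        listen 443 ssl;
        server_name example.com;

        ssl_certificate /etc/nginx/certs/server.crt;
        ssl_certificate_key /etc/nginx/certs/server.key;

        # CA used to verify the client certificate presented by API Gateway
        ssl_client_certificate /etc/nginx/certs/ca.crt;
        # "optional" also admits requests that present no client certificate
        # (VERIFIED is then NONE), so the backend must check VERIFIED itself
        ssl_verify_client optional;

        location / {
            root /var/www/example.com/html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME /var/www/example.com/lib/Request.class.php;
            # Verification result: SUCCESS, FAILED:reason or NONE
            fastcgi_param VERIFIED $ssl_client_verify;
            # Subject DN of the client certificate
            fastcgi_param DN $ssl_client_s_dn;
            include fastcgi_params;
        }
    }
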
Then, use the test invoke feature on the API Gateway console to test whether this setup works for you.
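I'm not sure whether this is a documentation error or an actual issue, but they currently list nginx as a backend under "Known Issues" as possibly not supporting SSL client authentication compatible with API Gateway: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html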
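
Because the nginx configuration in the answer uses `ssl_verify_client optional`, requests that carry no client certificate still reach the FastCGI backend, so the application has to enforce the `VERIFIED` and `DN` parameters itself. The following is an added example, not part of the original answer, and it is written in Python rather than the PHP backend the config points to; `EXPECTED_DN`, `parse_dn` and `client_is_authorized` are hypothetical names and the DN values are constructed.

```python
import re

# Assumption: subject attributes expected on the API Gateway client certificate.
# Constructed values; replace with the subject of the certificate you deployed.
EXPECTED_DN = {"CN": "ApiGateway", "O": "Example Corp"}


def parse_dn(dn):
    """Parse $ssl_client_s_dn into a dict of attribute -> value.

    Accepts the RFC 2253 form ("CN=a,O=b") and the legacy slash form
    ("/O=b/CN=a") emitted by older nginx versions. Repeated attributes are
    rejected so a second CN cannot shadow the one being checked.
    """
    if dn.startswith("/"):
        parts = dn.strip("/").split("/")
    else:
        parts = re.split(r"(?<!\\),", dn)  # split on unescaped commas
    attrs = {}
    for part in parts:
        key, sep, value = part.strip().partition("=")
        key = key.upper()
        if not sep or not key or key in attrs:
            raise ValueError("malformed or ambiguous DN")
        attrs[key] = value.replace("\\,", ",")
    return attrs


def client_is_authorized(params):
    """Decide from the FastCGI params (VERIFIED, DN) set in the nginx config."""
    # Only the exact string SUCCESS means nginx verified a certificate against
    # ssl_client_certificate. NONE (no certificate sent) and FAILED:reason
    # must both be treated as unauthenticated.
    if params.get("VERIFIED") != "SUCCESS":
        return False
    try:
        attrs = parse_dn(params.get("DN", ""))
    except ValueError:
        return False  # fail closed on anything that does not parse cleanly
    return all(attrs.get(k) == v for k, v in EXPECTED_DN.items())
```

The backend can trust `VERIFIED` and `DN` only because nginx sets them with `fastcgi_param`; the FastCGI port should not be reachable by anything other than nginx.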