Nginx with client certificate authentication (mTLS)?
-
I recently read about nginx with client certificate authentication (mTLS), as explained e.g. here: https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/
One of the cornerstones of Zero Trust Networking is Mutual TLS (known as mTLS). In simple terms, this means that each client is required to present a certificate to talk to the server. By replacing credentials with certificates, we are able to significantly improve the security (in particular with short-lived certificates, like the ones we offer), while also making the implementation easier (as it removes the need for API key/credential management).
It seems rather simple to set up: https://wott.io/blog/tutorials/2019/07/15/mtls-with-nginx
Is that something that could be implemented with Cloudron, maybe as an option, as an extra security layer?
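As an added example (not from the original post, the linked tutorial, or Cloudron's own code), the pieces the question is about: a private CA, one short-lived client certificate packaged as PKCS#12 for browser import, a self-signed certificate that must be rejected, and the nginx server block that enforces `ssl_verify_client on`. It assumes `openssl` is on PATH; the host name `example.test`, the user names, the `./mtls-demo` working directory and the `/etc/nginx/server.*` paths are illustrative assumptions.

```shell
#!/bin/sh
# Added example: private CA + client cert + nginx mTLS config.
# Assumptions: openssl on PATH; example.test, alice/mallory and
# ./mtls-demo are made-up names used only for illustration.
set -eu

WORK="${MTLS_DEMO_DIR:-./mtls-demo}"

# Create the private CA whose signature nginx will require on client certs.
make_ca() {
  mkdir -p "$WORK"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example.test client CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a short-lived (7 day) client certificate for one user, signed by the CA,
# and bundle it as PKCS#12, which is the format browsers and OS keychains import.
issue_client() {
  user="$1"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$user" \
    -keyout "$WORK/$user.key" -out "$WORK/$user.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$user.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 7 -out "$WORK/$user.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$WORK/$user.key" -in "$WORK/$user.crt" \
    -out "$WORK/$user.p12" -passout pass:changeit 2>/dev/null
}

# A certificate that is NOT signed by our CA (self-signed); nginx must reject it.
issue_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Same check nginx performs with ssl_verify_client: does the cert chain to ca.crt?
# Returns 0 when accepted, non-zero otherwise.
verify_client() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Emit the nginx server block. Only certs chaining to ca.crt get through;
# the verified subject DN is forwarded upstream in place of a password.
write_nginx_conf() {
  cat > "$WORK/mtls.conf" <<EOF
server {
    listen 443 ssl;
    server_name example.test;

    ssl_certificate     /etc/nginx/server.crt;   # server cert (assumed path)
    ssl_certificate_key /etc/nginx/server.key;

    ssl_client_certificate $WORK/ca.crt;   # trust anchor for client certs
    ssl_verify_client on;                   # handshake fails without a valid cert
    ssl_verify_depth 1;

    location / {
        proxy_set_header X-Client-DN \$ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;
    }
}
EOF
}

demo() {
  make_ca
  issue_client alice
  if verify_client alice; then echo "alice.crt: accepted (signed by our CA)"; fi
  issue_self_signed mallory
  if ! verify_client mallory; then echo "mallory.crt: rejected (not signed by our CA)"; fi
  write_nginx_conf
  echo "nginx config written to $WORK/mtls.conf"
  # Manual end-to-end check once nginx is running (not executed here):
  #   curl --cacert /etc/nginx/server.crt --cert $WORK/alice.crt --key $WORK/alice.key https://example.test/
}

demo
```

Two practical notes. `ssl_verify_client on` rejects at the TLS handshake, so mobile apps and API clients without a provisioned certificate get a connection error rather than a login page; if mTLS is wanted only as an opt-in layer, nginx also supports `ssl_verify_client optional`, after which individual locations can test `$ssl_client_verify` (the string `SUCCESS` on a verified cert) and return 403 otherwise. And the `.p12` file plus its password is effectively a credential, so distribute it through a channel you would trust with a password and keep the certificate lifetime short, which is the property the Cloudflare text quoted above is relying on.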
-
Yeah, it's not too hard to set up. But you have to educate all your users to install the client-side certs on their OS/browser and also how to remove them, etc. They also most likely break all the mobile apps. Of course, it's useful, no doubt, but it's really meant for a niche set of use cases, and that too in enterprises where they can preinstall these certs onto the laptops and devices.
That said, you are right that it's probably easy to implement.