httpsclient-certificatesmirthmirth-connect

How can I use HTTP Sender to submit a client certificate without the SSL Manager Plugin?


We have a Mirth server which is not under a support contract which needs to POST to a client-certificate authenticated HTTPs service. Since the certificate is self-signed, adding it to appdata\keystore.jks doesn't seem to work.

How can I explicitly specify a client certificate for a HTTP Sender destination without forking over the big bucks?


Solution

  • Create an nginx reverse proxy. That way, Mirth only has to connect on HTTP - nginx submits the client certificate.

    For windows:

    1. Unzip nginx
    2. Update conf\nginx.conf
    3. Set to start as a service with nssm

    I replaced nginx.conf with the below to keep things simple, listening only on http://127.0.0.1:8106/:

    worker_processes  1;
    
    events {
        worker_connections  1024;
    }
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        server {
            listen 127.0.0.1:8106;
            server_name localhost;
    
            location / {
                proxy_pass https://upstream-server;
    
                # To generate a key&crt from pfx:
                # openssl pkcs12 -in client-certificate.pfx -nocerts -out client-certificate.key -nodes
                # openssl pkcs12 -in client-certificate.pfx -clcerts -nokeys -out client-certificate.crt
    
                proxy_ssl_certificate "C:/path/to/nginx-1.15.3/conf/client-certificate.crt";
                proxy_ssl_certificate_key "C:/path/to/nginx-1.15.3/conf/client-certificate.key";
            }
        }
    }