From d83f572afef6e88cb86f7eedea9abe933a0f0f86 Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski <marek@marekpasnikowski.pl>
Date: Sun, 11 May 2025 13:26:25 +0200
Subject: aisaka: configure NGINX client authentication according to
 DataCadamia

---
 deployment/systems/aisaka.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 4f76ca3..ceedcc6 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -412,8 +412,9 @@
         (listen (list "192.168.10.2:443 ssl"))
         (root "/home/marek/Publiczne/test")
         (server-name (list "test.marekpasnikowski.pl"))
-        (raw-content (list "ssl_client_certificate /home/marek/CA/intermediate-authority.cert.pem;"
-                           "ssl_verify_client optional;")))
+        (raw-content (list "ssl_client_certificate /home/marek/CA/root_certificate.pem;"
+                           "ssl_verify_client on;"
+                           "ssl_verify_depth 1;")))
       ;; Radicale
       ((@ (gnu services web) nginx-server-configuration)
        (locations
-- 
cgit v1.2.3