From c00db63f40df52fefbafb4b65ba6cad77a99d80d Mon Sep 17 00:00:00 2001
From: Devon Mackay <devon@dds.mil>
Date: Wed, 8 Aug 2018 14:06:57 -0400
Subject: [PATCH] Enable client cert validation

---
 deploy/kubernetes/atst-nginx-configmap.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/deploy/kubernetes/atst-nginx-configmap.yml b/deploy/kubernetes/atst-nginx-configmap.yml
index 6e2b1d69..29133d4d 100644
--- a/deploy/kubernetes/atst-nginx-configmap.yml
+++ b/deploy/kubernetes/atst-nginx-configmap.yml
@@ -55,9 +55,9 @@ data:
         ssl_stapling_verify on;
         resolver 8.8.8.8 8.8.4.4;
         # Request and validate client certificate
-        #ssl_verify_client on;
-        #ssl_verify_depth 10;
-        #ssl_client_certificate /etc/nginx/ssl/ca/client-ca.pem;
+        ssl_verify_client on;
+        ssl_verify_depth 10;
+        ssl_client_certificate /etc/nginx/ssl/client-ca-bundle.pem;
         # Guard against HTTPS -> HTTP downgrade
         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; always";
         location / {