I am setting up an infrastructure where I have an nginx web server configured to require a client certificate for access to a resource.
However, the clients do not themselves have support for client certificates (it's pip, and we can't modify it to support the certificates [even though this is easy given it's Python, but still]).
Basically, the idea I had would be to setup a proxy on each machine that can do the certificate authentication to the remote server… but I really don't know how easy this is, or how I would go about it. Ideally, the proxy would be as lightweight as possible.
Any ideas? :)
Consider using stunnel as your proxy, it's a highly flexible SSL proxy, which can do client certificate authentication.