## 需求描述 公司 ERP 目前部署在内网,且前置了一道 VPN,用户需拨入 VPN 之后才可访问 ERP。 如果不采用 VPN,则还可以通过 SSL 双向认证实现相同需求,相关资料如下: - [Nginx SSL快速双向认证配置(脚本)](https://segmentfault.com/a/1190000015295122) - [Nginx SSL 双向认证,key 生成和配置](https://blog.imdst.com/nginx-ssl-shuang-xiang-ren-zheng-key-sheng-cheng-he-pei-zhi/) - [HTTPS双向认证研究](https://developer.aliyun.com/article/726414) - [SSL双向认证原理以及期间证书的使用](https://blog.csdn.net/liuchunming033/article/details/48467587) - [SSL CA客户端证书双向认证IIS配置及代码验证](https://blog.csdn.net/soarheaven/article/details/77366283) - [IIS8中使用OpenSSL来创建CA并且签发SSL证书](http://alvinhu.com/blog/2013/06/12/creating-a-certificate-authority-and-signing-the-ssl-certificates-using-openssl-in-iis8/)
