Reverse proxy, tls mutual authentication client list
May 15, 2018 02:39PM
Hi

We plan to use nginx to control access from IoT devices connecting to a server HTTP(S)/REST interface over TLS.

We want to use client certificates stored on the IoT devices to do TLS mutual authentication and found that nginx seems to support this application very well in reverse-proxy configuration.

We use the following nginx configuration to validate the client certificates:

ssl_client_certificate trustedClients.pem;
ssl_verify_client on;

, with trustedClients.pem containing a concatenation of all trusted client certificates.

This works very well, only clients with certificates in trustedClients.pem are allowed access.

We wonder if this is the preferred method if the trusted client list contains hundreds of clients? And if so, does some tool exist to manage the list of client certificates in a certificate bundle?

We appreciate any assistance you can provide on this.

Best regards
Christian
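
Added example, not part of the original post and not an nginx tool: a small Python sketch of managing a concatenated bundle such as trustedClients.pem by SHA-256 fingerprint, so devices can be enrolled or removed without hand-editing the file. The function names and the two sample "certificates" are assumptions; the samples are constructed placeholder bytes, not real X.509 data.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

# Constructed sample input: placeholder bytes standing in for DER certificates.
DEVICE_A = b"constructed-device-cert-A"
DEVICE_B = b"constructed-device-cert-B"

def to_pem(der: bytes) -> str:
    """Encode DER bytes as one PEM CERTIFICATE block (64-column base64)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def load_bundle(text: str) -> dict:
    """Map fingerprint -> DER for every PEM block; duplicates collapse."""
    bundle = {}
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        bundle.setdefault(fingerprint(der), der)
    return bundle

def dump_bundle(bundle: dict) -> str:
    """Emit blocks sorted by fingerprint so bundle diffs stay stable."""
    return "".join(to_pem(bundle[fp]) for fp in sorted(bundle))

def enroll(text: str, der: bytes) -> str:
    """Return the bundle with one certificate added (no-op if present)."""
    bundle = load_bundle(text)
    bundle[fingerprint(der)] = der
    return dump_bundle(bundle)

def revoke(text: str, fp: str) -> str:
    """Return the bundle without the certificate matching fp.

    Accepts plain hex or colon-separated hex; raises KeyError if the
    fingerprint is not in the bundle, so a typo cannot pass silently.
    """
    bundle = load_bundle(text)
    key = fp.lower().replace(":", "")
    if bundle.pop(key, None) is None:
        raise KeyError(f"fingerprint not in bundle: {key}")
    return dump_bundle(bundle)
```

nginx reads the file named by ssl_client_certificate when it loads its configuration, so a rewritten bundle takes effect only after a reload.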