Welcome! Log In Create A New Profile

Advanced

Re: Verify client certificate, but ignore expiration date

Gelonida N
January 01, 2012 05:44PM
Hmm no reaction to this question so far.
Does this mean it is impossible:

On 12/27/2011 01:34 PM, Gelonida wrote:
> I wanted to know whether I can configure nginx to verify client
> certificates and reject them if invalid.
>
> However I would like to exclude the expiration date from the validation
> step.
>
> The context is rather simple.
>
> I have some embedded devices trying to connect to a server. The client
> certificates for some of these devices will expire before
> they will be returned for maintenance
> Instead of disabling client certificates globally I would like to 'just' ignore
> the expiration date of a selected list of devices
>
> Ideally I'd like to just ignore the expiration date of a few given
> certificates, but in my current setup even ignoring all expiration dates
> would be an option untill all devices were updated with new certificats
>
> Is there any setup allowing this?

Alternatively I'd be willing to change the C source of nginx if this
would help me to solve above mentioned issue.

Thanks for any pointers and suggestions.

P.S. I know, that the 'real' answer would be to just avoid above
situation and renew certificates prior to their expiration. However this
is unfortunately not possible for the already deployed devices.




_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Verify client certificate, but ignore expiration date

Gelonida December 27, 2011 07:36AM

Re: Verify client certificate, but ignore expiration date

Gelonida N January 01, 2012 05:44PM

Re: Verify client certificate, but ignore expiration date

Rainer Duffner January 01, 2012 05:50PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 191
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready