Welcome! Log In Create A New Profile

Advanced

Re: Verify client certificate, but ignore expiration date

Rainer Duffner
January 01, 2012 05:50PM
Am 27.12.2011 um 13:34 schrieb Gelonida:

> I wanted to know whether I can configure nginx to verify client certificates and reject them if invalid.
>
> However I would like to exclude the expiration date from the validation step.
>
> The context is rather simple.
>
> I have some embedded devices trying to connect to a server. The client certificate for these devices expired and for a certain time I will be unable to update them.
>
> Instead of disabling client certificates I would like to 'just' ignore the expiration date.
>
> Ideally I'd like to just ignore the expiration date of a few given certificates, but in my current setup even ignoring all expiration dates would be an option.
>
> Is there any setup allowing this?
>
> Thanks in advance for any suggestion of how to achieve this.
>



I would suspect that most (all?) validation is done in the SSL-libraries.

As such, you would probably have modify the openssl-source.

I'm no programmer (sitting in a glass house here), but I'd say if you knew how to do that, you wouldn't have asked the original question anyway….

Instead of trying to find a "quick fix", I would accelerate the project to update the clients.




_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Verify client certificate, but ignore expiration date

Gelonida December 27, 2011 07:36AM

Re: Verify client certificate, but ignore expiration date

Gelonida N January 01, 2012 05:44PM

Re: Verify client certificate, but ignore expiration date

Rainer Duffner January 01, 2012 05:50PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 325
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready