Welcome! Log In Create A New Profile

Advanced

Re: OCSP stapling for client certificates

Maxim Dounin
August 27, 2014 12:56PM
Hello!

On Wed, Aug 27, 2014 at 11:51:08AM -0500, Mohammad Dhedhi wrote:

> Hi,
>
> I was able to setup nignx with client certificate authentication and OCSP
> stapling. I however noticed that OCSP is used only for the nginx server ssl
> certificate.
>
> It does not use OCSP for validating client certificates to see if a client
> is using a revoked certificate or not. Is ssl_crl the only way to checked
> for revoked client certificates or can nginx be configured to use OCSP for
> client certificates ?

No, nginx doesn't support OCSP-based validation of client
certificates, it only supports OCSP stapling. If you want to
check revocation of client certificates, the only available option
is to use ssl_crl.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

OCSP stapling for client certificates

Mohammad Dhedhi August 27, 2014 12:52PM

Re: OCSP stapling for client certificates

Maxim Dounin August 27, 2014 12:56PM

Re: OCSP stapling for client certificates

prozit June 28, 2015 12:20PM

Re: OCSP stapling for client certificates

Maxim Dounin July 05, 2015 07:44PM

Re: OCSP stapling for client certificates

itplayer April 13, 2019 05:16AM

Re: OCSP stapling for client certificates

ramirezc December 04, 2019 12:31PM

Re: OCSP stapling for client certificates

Frank Liu December 04, 2019 12:56PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 68
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready