Welcome! Log In Create A New Profile

Re: OCSP stapling for client certificates

Forum List Message List New Topic Print View

Maxim Dounin

August 27, 2014 12:56PM

Hello!

On Wed, Aug 27, 2014 at 11:51:08AM -0500, Mohammad Dhedhi wrote:

> Hi,
>
> I was able to setup nignx with client certificate authentication and OCSP
> stapling. I however noticed that OCSP is used only for the nginx server ssl
> certificate.
>
> It does not use OCSP for validating client certificates to see if a client
> is using a revoked certificate or not. Is ssl_crl the only way to checked
> for revoked client certificates or can nginx be configured to use OCSP for
> client certificates ?

No, nginx doesn't support OCSP-based validation of client
certificates, it only supports OCSP stapling. If you want to
check revocation of client certificates, the only available option
is to use ssl_crl.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
OCSP stapling for client certificates	Mohammad Dhedhi	August 27, 2014 12:52PM
Re: OCSP stapling for client certificates	Maxim Dounin	August 27, 2014 12:56PM
Re: OCSP stapling for client certificates	prozit	June 28, 2015 12:20PM
Re: OCSP stapling for client certificates	Maxim Dounin	July 05, 2015 07:44PM
Re: OCSP stapling for client certificates	itplayer	April 13, 2019 05:16AM
Re: OCSP stapling for client certificates	ramirezc	December 04, 2019 12:31PM
Re: OCSP stapling for client certificates	Frank Liu	December 04, 2019 12:56PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 253

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018