Hi,
I want to check the validity of a client certificate against CRL. So, I have defined in nginx.cong as follows
listen 80;
listen 443 ssl;
server_name localhost;
ssl_certificate serverCert.pem;
ssl_certificate_key serverKey.key;
ssl_client_certificate RootCA.pem;
ssl_verify_client on;
ssl_verify_depth 2;
ssl_crl CrlFile.pem;
If I write my nginx.conf as follows, It works fine. My application is expected to process a huge number of requests everyday and for each time(request) client certificate validity is checked against CrlFile.pem (specified at ssl_crl). 1. Does it effect servers response time because each time it has to open and read CrlFile.pem?.
My CrlFile.pem will be updated once a day as per my requirement. So, 2. Is there any caching mechanism performed by Nginx to cache CrlFile.pem because It has a new copy only once a day?.
3. Could you please help me in figuring out the best practice for validating client certificate against CRL.
Regards,
Sandeep