November 25, 2015 11:58PM
If any of the concatenated CRLs in the file provided to ssl_crl have expired (root or intermediate), what is the Nginx behavior (assuming ssl_verify_client is on)? Does it result in failing verification of the client certificate (chain), or does it just log a warning, or nothing happens? If it does fail verification, how can I detect that specific problems and still perform the rest of verification (valid certificate which itself has not expired and chain of trust can be established to the verification depth) (the CA I'm using to generate the CRLs is on the same server, so it's not a problem if it's actually expired -- though a warning message would be nice as a reminder to the admin).
Subject Author Posted

How are client certificate expired CRLs handled?

DankMemes November 25, 2015 11:58PM

Re: How are client certificate expired CRLs handled?

Maxim Dounin November 26, 2015 08:30AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 336
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready