Hi
We've implemented basic Certificate Based Authentication for Nginx.
However, whenever the certificate is revoked, Nginx still allows the client
(with the revoked certificate) to access the website.
I verified manually with openssl with the OCSP URI, and OCSP seems to be working
properly. Nginx doesn't seem to be forwarding the request to OCSP before
allowing the client.
I tried to specify the ssl_crl, but as soon as I put it, all the clients
start to receive 400 Bad Request.
Here is my sample relevant Nginx config:
### SSL cert files ###
ssl_client_certificate /test/ca.crt;
ssl_verify_client optional;
ssl_crl /prod-adcs/latest.pem;
ssl_verify_depth 2;
Is there something that I'm missing here?
Any help will be appreciated.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx