Welcome! Log In Create A New Profile

Advanced

Using Yubikey/PKCS11 for Upstream Client Certificates

February 04, 2020 03:00AM
Hi there,

I'm building a reverse proxy that needs to use TLS client certificates for authentication to its proxy_pass location.

The documentation at https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/ is pretty clear in how to point Nginx to the signed certificate and private key file, but my cert and key are in hardware (YubiKey in PIV mode).

I have pkcs11 support through OpenSC, but I'm wondering if Nginx can work with that. Is there a way to have it use the yubikey through pkcs11?

Cheers,
Erik
Subject Author Posted

Using Yubikey/PKCS11 for Upstream Client Certificates

erik February 04, 2020 03:00AM

Re: Using Yubikey/PKCS11 for Upstream Client Certificates

erik February 04, 2020 12:14PM

Re: Using Yubikey/PKCS11 for Upstream Client Certificates

erik February 05, 2020 12:00PM

Re: Using Yubikey/PKCS11 for Upstream Client Certificates

erik February 06, 2020 06:46PM

Re: Using Yubikey/PKCS11 for Upstream Client Certificates

Konstantin Pavlov February 05, 2020 05:40AM

Re: Using Yubikey/PKCS11 for Upstream Client Certificates

erik February 06, 2020 06:48PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 67
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready