Hi there,
I'm building a reverse proxy that needs to use TLS client certificates for authentication to its proxy_pass location.
The documentation at https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/ is pretty clear in how to point Nginx to the signed certificate and private key file, but my cert and key are in hardware (YubiKey in PIV mode).
I have pkcs11 support through OpenSC, but I'm wondering if Nginx can work with that. Is there a way to have it use the yubikey through pkcs11?
Cheers,
Erik