Re: Using Yubikey/PKCS11 for Upstream Client Certificates

February 04, 2020 12:14PM
Specifically, I'd like to know if the proxy_ssl_certificate and proxy_ssl_certificate_key directives can support RFC-7512 PKCS#11 URIs, or whether they're hardwired to be just local file paths.

With my private key in hardware, I'm looking for the ability to point nginx to something like:

    location /upstream {
        proxy_pass https://backend.example.com;
        proxy_ssl_certificate /etc/nginx/client.pem;
        proxy_ssl_certificate_key 'pkcs11:type=private;token=some_token;object=username%40example.org';
    }

Cheers,
Erik van Zijst
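
Added example, not part of the original post and not nginx or OpenSSL code: a small RFC 7512 parser that shows what the URI in the post decodes to and reviews a key URI before it goes into a configuration file. The function names and the decision to reject vendor-specific attributes are assumptions of this example; whether nginx accepts such a URI is not addressed by it.

```python
from urllib.parse import unquote, unquote_to_bytes

# Attribute names defined by RFC 7512. Vendor-specific attributes are rejected
# here, which is a simplification made for this example.
PATH_ATTRS = {"token", "manufacturer", "serial", "model", "library-manufacturer",
              "library-version", "library-description", "object", "type", "id",
              "slot-description", "slot-manufacturer", "slot-id"}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
OBJECT_TYPES = {"public", "private", "cert", "secret-key", "data"}

# The URI from the post above.
POST_URI = "pkcs11:type=private;token=some_token;object=username%40example.org"


def _attrs(part, sep, allowed):
    out = {}
    for item in filter(None, part.split(sep)):  # tolerate empty components
        name, eq, value = item.partition("=")
        if not eq or name not in allowed:
            raise ValueError(f"bad or unknown attribute: {item!r}")
        if name in out:
            raise ValueError(f"duplicate attribute: {name}")
        # 'id' is an arbitrary byte string; everything else is UTF-8 text.
        out[name] = unquote_to_bytes(value) if name == "id" else unquote(value)
    return out


def parse_pkcs11_uri(uri):
    """Return (path_attrs, query_attrs) with percent-encoding decoded."""
    scheme, colon, rest = uri.partition(":")
    if not colon or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path_part, _, query_part = rest.partition("?")
    path = _attrs(path_part, ";", PATH_ATTRS)
    query = _attrs(query_part, "&", QUERY_ATTRS)
    if "type" in path and path["type"] not in OBJECT_TYPES:
        raise ValueError(f"unknown object type: {path['type']!r}")
    return path, query


def key_uri_findings(uri):
    """Review a URI meant to name a private key; an empty list means no findings."""
    path, query = parse_pkcs11_uri(uri)
    findings = []
    if path.get("type") != "private":
        findings.append("type is not 'private'")
    if "pin-value" in query:
        findings.append("pin-value puts the token PIN in the configuration file")
    if not {"object", "id"} & path.keys():
        findings.append("no object or id attribute, so several keys may match")
    return findings
```

For the URI in the post, `parse_pkcs11_uri(POST_URI)` decodes `object` to `username@example.org` and `key_uri_findings(POST_URI)` returns an empty list.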