Hi, Actually, I had the same questions. Is this something that's available by now, or is it in the pipeline of any new release of Nginx or will it never be? I'm just asking since I believe this might be a good feature to add since CRL's could get very big when lots of certificate have been revoked, and since it is not a realtime updating mechanism. By using a OCSP, there is a little overby prozit - Nginx Mailing List - English
Hi, I have been able to work arround this issue by setting the option "ssl_verify_client" to "optional" instead of "on". After this I used an if statement for checking the variable "$ssl_client_verify" on its value being "NONE" (meaning no valid SSL certificate had been provided). This statement being true, you can redirect your visitors to anotby prozit - How to...