We're in a similiar situation, but with many intermediate CAs and root CAs for all the possible client certificates we accept. We have all of these concatenated into a single file for the ssl_client_certificate directive. We have CRLs for some of these and not for others. Is there any way we configure nginx so it will honour the ones we have, without requiring us to have a CRL for all of thby nathanmesser - Nginx Mailing List - English