Welcome! Log In Create A New Profile

Advanced

CRL validation

Posted by woodyweaver 
woodyweaver
CRL validation
January 10, 2017 05:50PM
I need to use nginx with client validation. Lots of good info about that.
But I need to ensure that nginx verifies the certificate has not been
revoked through CRL or OCSP checking. Is that part of ssl_verify_client on
? How can I specify a cached CRL location?

--woody

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271910,271910#msg-271910

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Alex Samad
Re: CRL validation
January 11, 2017 01:50AM
Hi

I have a cron script that generates a crl file and places it a file for
nginx to read... I believe I reload nginx after doing this

I don't think - happy to be proved wrong - that nginx checks for a oscp or
crl attribute in the cert and makes the relevant request

Alex

On 11 January 2017 at 03:44, woodyweaver <[email protected]>
wrote:

> I need to use nginx with client validation. Lots of good info about that.
> But I need to ensure that nginx verifies the certificate has not been
> revoked through CRL or OCSP checking. Is that part of ssl_verify_client on
> ? How can I specify a cached CRL location?
>
> --woody
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,271910,271910#msg-271910
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login