Verify client certificate, but ignore expiration date
rainer at ultra-secure.de
Sun Jan 1 22:48:22 UTC 2012
Am 27.12.2011 um 13:34 schrieb Gelonida:
> I wanted to know whether I can configure nginx to verify client certificates and reject them if invalid.
> However I would like to exclude the expiration date from the validation step.
> The context is rather simple.
> I have some embedded devices trying to connect to a server. The client certificate for these devices expired and for a certain time I will be unable to update them.
> Instead of disabling client certificates I would like to 'just' ignore the expiration date.
> Ideally I'd like to just ignore the expiration date of a few given certificates, but in my current setup even ignoring all expiration dates would be an option.
> Is there any setup allowing this?
> Thanks in advance for any suggestion of how to achieve this.
I would suspect that most (all?) validation is done in the SSL-libraries.
As such, you would probably have modify the openssl-source.
I'm no programmer (sitting in a glass house here), but I'd say if you knew how to do that, you wouldn't have asked the original question anyway….
Instead of trying to find a "quick fix", I would accelerate the project to update the clients.
More information about the nginx