Verify client certificate, but ignore expiration date

Rainer Duffner rainer at ultra-secure.de
Sun Jan 1 22:48:22 UTC 2012


Am 27.12.2011 um 13:34 schrieb Gelonida:

> I wanted to know whether I can configure nginx to verify client certificates and reject them if invalid.
> 
> However I would like to exclude the expiration date from the validation step.
> 
> The context is rather simple.
> 
> I have some embedded devices trying to connect to a server. The client certificate for these devices expired and for a certain time I will be unable to update them.
> 
> Instead of disabling client certificates I would like to 'just' ignore the expiration date.
> 
> Ideally I'd like to just ignore the expiration date of a few given certificates, but in my current setup even ignoring all expiration dates would be an option.
> 
> Is there any setup allowing this?
> 
> Thanks in advance for any suggestion of how to achieve this.
> 



I would suspect that most (all?) validation is done in the SSL-libraries.

As such, you would probably have modify the openssl-source.

I'm no programmer (sitting in a glass house here), but I'd say if you knew how to do that, you wouldn't have asked the original question anyway….

Instead of trying to find a "quick fix", I would accelerate the project to update the clients.






More information about the nginx mailing list