OCSP stapling for client certificates
Maxim Dounin
mdounin at mdounin.ru
Wed Aug 27 16:55:54 UTC 2014
Hello!
On Wed, Aug 27, 2014 at 11:51:08AM -0500, Mohammad Dhedhi wrote:
> Hi,
>
> I was able to setup nignx with client certificate authentication and OCSP
> stapling. I however noticed that OCSP is used only for the nginx server ssl
> certificate.
>
> It does not use OCSP for validating client certificates to see if a client
> is using a revoked certificate or not. Is ssl_crl the only way to checked
> for revoked client certificates or can nginx be configured to use OCSP for
> client certificates ?
No, nginx doesn't support OCSP-based validation of client
certificates, it only supports OCSP stapling. If you want to
check revocation of client certificates, the only available option
is to use ssl_crl.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list