Using Yubikey/PKCS11 for Upstream Client Certificates

erik nginx-forum at forum.nginx.org
Tue Feb 4 08:00:43 UTC 2020


Hi there,

I'm building a reverse proxy that needs to use TLS client certificates for
authentication to its proxy_pass location.

The documentation at
https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/
is pretty clear in how to point Nginx to the signed certificate and private
key file, but my cert and key are in hardware (YubiKey in PIV mode).

I have pkcs11 support through OpenSC, but I'm wondering if Nginx can work
with that. Is there a way to have it use the YubiKey through PKCS#11?

Cheers,
Erik

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286922,286922#msg-286922


