Verify client certificate, but ignore expiration date

Gelonida N gelonida at gmail.com
Sun Jan 1 22:43:17 UTC 2012


Hmm no reaction to this question so far.
Does this mean it is impossible:

On 12/27/2011 01:34 PM, Gelonida wrote:
> I wanted to know whether I can configure nginx to verify client
> certificates and reject them if invalid.
> 
> However I would like to exclude the expiration date from the validation
> step.
> 
> The context is rather simple.
> 
> I have some embedded devices trying to connect to a server. The client
> certificates for some of these devices will expire before 
> they will be returned for maintenance
> Instead of disabling client certificates globally  I would like to 'just' ignore
> the expiration date of a selected list of devices
> 
> Ideally I'd like to just ignore the expiration date of a few given
> certificates, but in my current setup even ignoring all expiration dates
> would be an option untill all devices were updated with new certificats
> 
> Is there any setup allowing this?

Alternatively I'd be willing to change the C source of nginx if this
would help me to solve above mentioned issue.

Thanks for any pointers and suggestions.

P.S. I know, that the 'real' answer would be to just avoid above
situation and renew certificates prior to their expiration. However this
is unfortunately not possible for the already deployed devices.






More information about the nginx mailing list