Verify client certificate, but ignore expiration date
Rainer Duffner
rainer at ultra-secure.de
Sun Jan 1 22:48:22 UTC 2012
On 27.12.2011 at 13:34, Gelonida wrote:
> I wanted to know whether I can configure nginx to verify client certificates and reject them if invalid.
>
> However I would like to exclude the expiration date from the validation step.
>
> The context is rather simple.
>
> I have some embedded devices trying to connect to a server. The client certificate for these devices expired and for a certain time I will be unable to update them.
>
> Instead of disabling client certificates I would like to 'just' ignore the expiration date.
>
> Ideally I'd like to just ignore the expiration date of a few given certificates, but in my current setup even ignoring all expiration dates would be an option.
>
> Is there any setup allowing this?
>
> Thanks in advance for any suggestion of how to achieve this.
>
I would suspect that most (all?) validation is done in the SSL-libraries.
As such, you would probably have to modify the openssl-source.
I'm no programmer (sitting in a glass house here), but I'd say if you knew how to do that, you wouldn't have asked the original question anyway….
Instead of trying to find a "quick fix", I would accelerate the project to update the clients.