this may be a dumb ssl question, but here goes...
AJ Weber
aweber at comcast.net
Wed Oct 10 21:16:12 UTC 2012
I think I might have found my answer to this.
I can generate my own (or use any different) CA and add that in
ssl_client_certificate <path>;
And then set ssl_verify_client on;
This appears to work in initial testing. So my follow-up is:
1) Does this sound like the way to make my original question work?
2) Can I revoke certificates, and will nginx check a revocation list of
some kind?
Thanks again,
AJ
On 10/10/2012 2:14 PM, AJ Weber wrote:
> Can I install and configure nginx to use a "public"/global CA's SSL
> Certificate like Verisign, AND force (require) the use of client SSL
> certificates, AND allow those client/browser-certificates to be from a
> different CA/root? For example, openca or some self-signed setup that
> I use to just distribute client certificates to my registered users?
>
> Let me know if I am not asking the question correctly.
>
> Thanks,
> AJ
>
More information about the nginx
mailing list