this may be a dumb ssl question, but here goes...

Maxim Dounin mdounin at mdounin.ru
Wed Oct 10 22:51:26 UTC 2012


Hello!

On Wed, Oct 10, 2012 at 05:16:12PM -0400, AJ Weber wrote:

> I think I might have found my answer to this.
> 
> I can generate my own (or use any different) CA and add that in
> ssl_client_certificate <path>;
> And then set ssl_verify_client on;
> 
> This appears to work in initial testing.  So my follow-up is:
> 1) Does this sound like the way to make my original question work?

Yes.

> 2) Can I revoke certificates, and will nginx check a revocation list
> of some kind?

http://nginx.org/r/ssl_crl

> 
> Thanks again,
> AJ
> 
> 
> On 10/10/2012 2:14 PM, AJ Weber wrote:
> >Can I install and configure nginx to use a "public"/global CA's
> >SSL Certificate like Verisign, AND force (require) the use of
> >client SSL certificates, AND allow those
> >client/browser-certificates to be from a different CA/root?  For
> >example, openca or some self-signed setup that I use to just
> >distribute client certificates to my registered users?
> >
> >Let me know if I am not asking the question correctly.
> >
> >Thanks,
> >AJ
> >
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

-- 
Maxim Dounin
http://nginx.com/support.html



More information about the nginx mailing list