Whitelisting Client Side Certificates

paddy3883 nginx-forum at nginx.us
Wed Feb 26 17:37:10 UTC 2014


I'm currently working on POC for my company which is looking to use NGINX to
validate API Requests using Client Side Certificates. Presently we have it
setup so we are self signing/generating these certificates on the local
machine and are able to use these successfully in our tests. We are also
able to use the revocation list to disable generated certificates.

Moving forward it is possible we will be using an external CA to generate
these certificates and we are trying to determine if this is a way to
'whitelist' certificates so only those generated ones which we have
visibility of will be verified, rather than a 'blacklisting' approach to
block those which are revoked? i.e. Given a client certificate generated by
a external CA how can we established this in a trusted list of certs to
verify?

Apologies if this question is lacking technical details/knowledge, this is
my first hands on experience with SSL.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,247969,247969#msg-247969



More information about the nginx mailing list