Using Yubikey/PKCS11 for Upstream Client Certificates
erik
nginx-forum at forum.nginx.org
Tue Feb 4 17:14:28 UTC 2020
Specifically, I'd like to know if the proxy_ssl_certificate and
proxy_ssl_certificate_key directives can support RFC-7512 PKCS#11 URIs, or
whether they're hardwired to be just local file paths.
With my private key in hardware, I'm looking for the ability to point nginx
to something like:
location /upstream {
proxy_pass https://backend.example.com;
proxy_ssl_certificate /etc/nginx/client.pem;
proxy_ssl_certificate_key
'pkcs11:type=private;token=some_token;object=username%40example.org';
}
Cheers,
Erik van Zijst
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286922,286930#msg-286930
More information about the nginx
mailing list