Re: Whitelisting Client Side Certificates

2014-02-27 Thread paddy3883
I was wondering if caching whitelisted certificates' thumbprints somewhere and then verifying against this per request would work? One approach could be storing these thumbprints in Memcached and querying using Lua? Or is there a more straightforward/efficient approach? Posted at Nginx Forum: http

Re: Whitelisting Client Side Certificates

2014-02-26 Thread David Birdsong
On Wed, Feb 26, 2014 at 9:58 AM, David Birdsong wrote:
> Having just gone through learning about this over the last few days,
> here's what I learned. Take it w/ a grain of salt.
>
> There are 2 ways I'm aware of.
>
> 1. turn on strict client verify and limit the ca list that the server
> knows ab

Re: Whitelisting Client Side Certificates

2014-02-26 Thread David Birdsong
Having just gone through learning about this over the last few days, here's what I learned. Take it w/ a grain of salt. There are 2 ways I'm aware of. 1. turn on strict client verify and limit the ca list that the server knows about. this will cause the server to have a limited view of what certs

Whitelisting Client Side Certificates

2014-02-26 Thread paddy3883
I'm currently working on a POC for my company which is looking to use NGINX to validate API Requests using Client Side Certificates. Presently we have it set up so we are self signing/generating these certificates on the local machine and are able to use these successfully in our tests. We are also ab