Hello! On Wed, Aug 27, 2014 at 11:51:08AM -0500, Mohammad Dhedhi wrote:
> Hi, > > I was able to setup nignx with client certificate authentication and OCSP > stapling. I however noticed that OCSP is used only for the nginx server ssl > certificate. > > It does not use OCSP for validating client certificates to see if a client > is using a revoked certificate or not. Is ssl_crl the only way to checked > for revoked client certificates or can nginx be configured to use OCSP for > client certificates ? No, nginx doesn't support OCSP-based validation of client certificates, it only supports OCSP stapling. If you want to check revocation of client certificates, the only available option is to use ssl_crl. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
