Opened 20 months ago
NGNIX needs root cert in the chain for Client validation.
|Reported by:||Owned by:|
In a CA ca hierarchy sub-ca/issuing CA issues the cert to two device and mutual authentication needs to happen. Sub-CA/Issuing CA wont issue the root ca public cert.
CA-offline------> Sub-ca-------> ngnix server
When a client and ngnix server get the certificate from the subca. When client sent a request to authenticate it will fail with 400 BAD request. As soon as I add the rootCA public cert it authenticates.
Ngnix code used in IoT platform might require a manual process to copy the root ca public key to millions of devices. There should be a way to authenticate the client and server with the Sub-ca certificate itself.