Opened 3 years ago

#2131 new enhancement

NGNIX needs root cert in the chain for Client validation.

Reported by: vasu767@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.19.x
Keywords: Cc:
uname -a:
nginx -V: 1.2


In a CA ca hierarchy sub-ca/issuing CA issues the cert to two device and mutual authentication needs to happen. Sub-CA/Issuing CA wont issue the root ca public cert.
CA-offline------> Sub-ca-------> ngnix server



When a client and ngnix server get the certificate from the subca. When client sent a request to authenticate it will fail with 400 BAD request. As soon as I add the rootCA public cert it authenticates.

Ngnix code used in IoT platform might require a manual process to copy the root ca public key to millions of devices. There should be a way to authenticate the client and server with the Sub-ca certificate itself.

Change History (0)

Note: See TracTickets for help on using tickets.