Opened 7 years ago
Closed 5 years ago
#1534 closed enhancement (fixed)
OCSP client certificate validation
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.13.x |
Keywords: | OCSP client certificate | Cc: | |
uname -a: | Linux | | |
nginx -V: | 1.14.0 | | |
Description
As discussed here https://forum.nginx.org/read.php?2,252893,252895
It would be great if nginx can support using OCSP for validating client certificates.
Change History (8)
comment:1 by , 6 years ago
comment:3 by , 6 years ago
+1 We have a number of use cases that require Mutual TLS with OCSP responder checking.
We would really like to be able to use NGINX for this, but presently have no option but to use competitor products.
comment:5 by , 5 years ago
Again, as stated by my colleague in a previous post, we have several use cases that require Mutual TLS with OCSP responder checking. Since we have already implemented Nginx within our Ecosystem, we would like to move forward with a solution from the NGINX team. Please look into providing this, as this would benefit the community as a whole.
comment:6 by , 5 years ago
Estonia uses OCSP to verify client certificate validity for national ID cards. This feature would be awesome as it would make identifications more effective.
comment:7 by , 5 years ago
In 7653:8409f9df6219/nginx:
SSL: client certificate validation with OCSP (ticket #1534).
OCSP validation for client certificates is enabled by the "ssl_ocsp" directive.
OCSP responder can be optionally specified by "ssl_ocsp_responder".
When session is reused, peer chain is not available for validation.
If the verified chain contains certificates from the peer chain not available
at the server, validation will fail.
I am also interested in this feature
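
A server block using the two directives named in the commit message in comment:7, as an added example that is not part of the ticket or the nginx source. Hostnames, file paths and the resolver address are placeholder assumptions; `ssl_verify_client` and `resolver` are included because OCSP checking of client certificates depends on them.

```nginx
# Added example: mutual TLS with OCSP checking of the client certificate chain.
# All names, paths and addresses below are placeholders.
server {
    listen 443 ssl;
    server_name mtls.example.com;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Client authentication: the bundle holds the CAs that issue client
    # certificates. Include the intermediate CAs here as well, so the
    # verified chain does not depend on certificates only the client sent;
    # per the commit message, validation fails on a reused session when
    # such certificates are not available at the server.
    ssl_client_certificate /etc/nginx/tls/client-ca-chain.pem;
    ssl_verify_client on;
    ssl_verify_depth 2;

    # Enable OCSP validation of the client certificate chain.
    ssl_ocsp on;

    # Optional: use this responder instead of the one named in the
    # certificate's Authority Information Access extension.
    ssl_ocsp_responder http://ocsp.example.com/;

    # Required so nginx can resolve the responder's hostname.
    resolver 192.0.2.53;

    location / {
        # Pass the verification result and subject to the application
        # so that it can log or authorize on them.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

With `ssl_verify_client on`, a request whose certificate fails verification is rejected before it reaches the `location` block.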