[LRUG] SSL client certificates

Jerry Steele ticktockhouse at gmail.com
Wed Jun 17 08:11:18 PDT 2020


Hi Andrew,

I posted an answer to your question on SO:

https://stackoverflow.com/questions/62259720/how-to-get-nginx-to-verify-mit-personal-certificates/62432295#62432295

Thanks

Jerry


On Wed, 17 Jun 2020 at 15:17, Tim Diggins <tim at red56.uk> wrote:

> Hi Andrew
>
> Just read your SO post and I feel your pain.  I just spent hours trying to
> get a CA chain (purely in a server cert) to work by concatenating various
> intermediate certs into a pem and it was a vale of tears (in the end found
> a mechanism to download the correctly concatenated CA chain from my cert
> provider, so while I learned a lot about openssl, I did reach the edge of
> my understanding which turned out to be not that far). It's also a
> nightmare when you don't have usable access credentials your users do
> (whether certs or active directory config or whatever).
>
> You may have considered this already, but it might be worth checking
> whether you can set this up correctly by creating a self-signed Certificate
> Authority, creating some certs with it, and then setting up a staging nginx
> server with a parallel config to your live one and see if it works
> correctly. Seems like this might not take that long to do and might give
> you some insight as to which of your assumptions are correct.
>
> all best
>
> Tim
>
> On Wed, 17 Jun 2020 at 14:23, Andrew Stewart <boss at airbladesoftware.com>
> wrote:
>
>> Hello LRUG!
>>
>> Are you (a) handy with SSL and (b) bored?
>>
>> I'm trying to get Nginx to validate client SSL certificates signed by
>> MIT's certificate authority:
>>
>>         https://stackoverflow.com/q/62259720/151007
>>
>> But I'm stuck.  Any help would be much appreciated.
>>
>> Many thanks!
>>
>> Andrew Stewart
>> _______________________________________________
>> Chat mailing list
>> Chat at lists.lrug.org
>> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
>> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>
>


-- 
---

Jerry Steele
Telephone: +44 (0)7492 910225
GPG: 43A3A8C6
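
Tim's suggestion quoted above (a throwaway CA, a few certificates issued from it, a staging nginx with a parallel config) could start like the sketch below. It is an added example, not part of the original thread or of the linked Stack Overflow answer; the subject names, file names, nginx paths and staging host are all assumptions.

```shell
#!/bin/sh
# Lab-only PKI for testing nginx client-certificate verification.
# All names and paths here (Lab Test CA, lab-client, file names) are constructed.
set -eu

make_lab_pki() {
  dir=$1
  mkdir -p "$dir"
  # 1. Self-signed test CA (unencrypted key: acceptable only for a throwaway lab).
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Lab Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Client key and signing request.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=lab-client" \
    -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  # 3. Client certificate issued by the test CA.
  openssl x509 -req -in "$dir/client.csr" -sha256 -days 30 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/client.crt" 2>/dev/null
  # 4. Negative control: same subject, but self-signed rather than CA-issued.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=lab-client" \
    -keyout "$dir/rogue.key" -out "$dir/rogue.crt" 2>/dev/null
}

# Succeeds only if the certificate ($2) chains to the CA bundle ($1).
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The staging nginx server block would then carry (paths are assumptions):
#   ssl_client_certificate /etc/nginx/lab/ca.crt;
#   ssl_verify_client      on;
#   ssl_verify_depth       2;
# and can be exercised with:
#   curl --cert client.crt --key client.key https://<staging-host>/

lab=$(mktemp -d)
make_lab_pki "$lab"
for c in client rogue; do
  if chain_ok "$lab/ca.crt" "$lab/$c.crt"; then
    echo "$c.crt: chains to test CA"
  else
    echo "$c.crt: rejected"
  fi
done
```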