nginx setup to change x509 certificate validation

naarani · 2019-12-12T00:03:55+00:00

Doesn't it use configs from `/usr/local/openresty/nginx/conf` (which is often symlinked to /etc/openresty).On Wed, Dec 11, 2019 at 5:32 PM Rob...

nginx setup to change x509 certificate validation

naarani

hi!

I was using nginx with mutual authentication, actually, I was using it as in Ingress in Kubernetes, however, the Ingress was changed to use openresty /nginx.

The problem I have at the moment is that openresty validates the client certificates it receives, while nginx did not do it: it checked only the client certificates were emitted from a valid CA, as in mutual authentication.

My certificates are made from our government, and are malformed :-) they're used for authentication, but flagged for signature :-/ and i can't' change the LAW and ASK to re-emit 'em...

Is there a way to ask openresty NOT to check certificates flags?

thanks a lot,

kind regards