Hi
We plan to use nginx to control access from IoT devices connecting to a server HTTP(S)/REST interface over TLS.
We want to use client certificates stored on the IoT devices to do TLS mutual authentication and found that nginx seems to support this application very well in reverse-proxy configuration.
We use the following nginx configuration to validate the client certificates:
    ssl_client_certificate trustedClients.pem;
    ssl_verify_client on;
, with trustedClients.pem containing a concatenation of all trusted client certificates.
This works very well; only clients with certificates in trustedClients.pem are allowed access.
We wonder if this is the preferred method if the trusted client list contains hundreds of clients? And if so, does some tool exist to manage the list of client certificates in a certificate bundle?
We appreciate any assistance you can provide on this.
Best regards
Christian
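
An added example, not part of the original message and not an nginx tool: one way to maintain a concatenated bundle such as trustedClients.pem by certificate fingerprint, dropping duplicates and replacing the file atomically. The function names are assumptions, and the two sample blocks are constructed placeholder bytes, not real certificates.

```python
import base64, hashlib, os, re, tempfile

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def fingerprint(der):
    """SHA-256 over the DER bytes (the digest `openssl x509 -fingerprint -sha256` reports)."""
    return hashlib.sha256(der).hexdigest()

def parse_bundle(text):
    """Return {fingerprint: der} for each certificate block; duplicates collapse."""
    certs = {}
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # X.509 DER starts with an ASN.1 SEQUENCE
            raise ValueError("block is not a DER-encoded certificate")
        certs[fingerprint(der)] = der
    return certs

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def update_bundle(path, add_pem="", revoke=()):
    """Add certificates, drop revoked fingerprints, replace the file atomically."""
    certs = {}
    if os.path.exists(path):
        with open(path) as f:
            certs = parse_bundle(f.read())
    certs.update(parse_bundle(add_pem))
    for fp in revoke:  # revocation wins over a simultaneous add
        certs.pop(fp.lower().replace(":", ""), None)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        # Fingerprint order keeps the file stable and diff-friendly across rebuilds.
        f.write("".join(to_pem(certs[fp]) for fp in sorted(certs)))
    os.replace(tmp, path)  # readers never see a half-written bundle
    return sorted(certs)

# Constructed placeholders standing in for two device certificates (not real X.509).
DER_A = b"\x30\x0bdevice-0001"
DER_B = b"\x30\x0bdevice-0002"

if __name__ == "__main__":
    bundle = os.path.join(tempfile.mkdtemp(), "trustedClients.pem")
    update_bundle(bundle, add_pem=to_pem(DER_A) + to_pem(DER_B) + to_pem(DER_A))
    print(update_bundle(bundle, revoke=[fingerprint(DER_A)]))
```

nginx reads the ssl_client_certificate file when its configuration is loaded, so reload nginx after the bundle changes.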