custodia
custodia copied to clipboard
Published
20 hours ago •
latchset
latchset
Documentation: Missing certifacate options in SimpleClientCertAuth
It could be little confusing that we cannot see notes about how to tell Custodia which certificate we would like to use.
Custodia currently accepts all valid client certificate that are trusted by the CA (global option tls_cafile). There is no additional filtering or support for CRL or OCSP status checks.
IMO we should recommend Apache mod_ssl or other TLS terminates to perform these checks for us.
