From owner-freebsd-questions@freebsd.org Tue Jul 30 01:12:07 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8891DBC501 for ; Tue, 30 Jul 2019 01:12:07 +0000 (UTC) (envelope-from srs0=qte4=v3=mail.sermon-archive.info=doug@sermon-archive.info) Received: from mail.sermon-archive.info (sermon-archive.info [71.177.216.148]) by mx1.freebsd.org (Postfix) with ESMTP id EC77185543 for ; Tue, 30 Jul 2019 01:12:06 +0000 (UTC) (envelope-from srs0=qte4=v3=mail.sermon-archive.info=doug@sermon-archive.info) Received: from [10.0.1.251] (mini [10.0.1.251]) by mail.sermon-archive.info (Postfix) with ESMTPSA id 45yJRz5Z0Sz2fjQB for ; Mon, 29 Jul 2019 18:11:59 -0700 (PDT) From: Doug Hardie Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: OpenSSL client certificates Message-Id: <6F225C67-4264-4E28-A1E2-69CDFE321B16@mail.sermon-archive.info> Date: Mon, 29 Jul 2019 18:11:59 -0700 To: FreeBSD Questions X-Mailer: Apple Mail (2.3445.104.11) X-Virus-Scanned: clamav-milter 0.100.2 at mail X-Virus-Status: Clean X-Rspamd-Queue-Id: EC77185543 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of srs0=qte4=v3=mail.sermon-archive.info=doug@sermon-archive.info designates 71.177.216.148 as permitted sender) smtp.mailfrom=srs0=qte4=v3=mail.sermon-archive.info=doug@sermon-archive.info X-Spamd-Result: default: False [-1.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.62)[-0.622,0]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:71.177.216.148]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_HAM_LONG(-0.98)[-0.983,0]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-0.22)[asn: 5650(-1.06), country: US(-0.05)]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[sermon-archive.info]; NEURAL_HAM_SHORT(-0.37)[-0.371,0]; RCVD_IN_DNSWL_NONE(0.00)[148.216.177.71.list.dnswl.org : 127.0.10.0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FORGED_SENDER(0.30)[bc979@lafn.org,srs0=qte4=v3=mail.sermon-archive.info=doug@sermon-archive.info]; RCVD_NO_TLS_LAST(0.10)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5650, ipnet:71.177.216.0/23, country:US]; FROM_NEQ_ENVFROM(0.00)[bc979@lafn.org,srs0=qte4=v3=mail.sermon-archive.info=doug@sermon-archive.info]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Jul 2019 01:12:07 -0000 I have a Lets Encrypt certificate my app uses for the clients to = validate me. However, I need to be able to validate the client's = identity using a client certificate. Lets Encrypt certificates can not = be used to create client certificates. So I need to be able to use a = self-signed certificate for the client certificate validation. I have = been digging around through nginx code to see what I could find, but I = am not sure it does that either. Any ideas on how to do this with = openssl? -- Doug