Open celestian opened 7 years ago
Custodia currently accepts all valid client certificate that are trusted by the CA (global option tls_cafile
). There is no additional filtering or support for CRL or OCSP status checks.
IMO we should recommend Apache mod_ssl or other TLS terminates to perform these checks for us.
+1
It could be little confusing that we cannot see notes about how to tell Custodia which certificate we would like to use.