latchset / custodia

An API to manage secrets storage and retrieval
GNU General Public License v3.0

Documentation: Missing certificate options in SimpleClientCertAuth #204

Open celestian opened 7 years ago

celestian commented 7 years ago

It could be a little confusing that we cannot see notes about how to tell Custodia which certificate we would like to use.

tiran commented 7 years ago

Custodia currently accepts all valid client certificates that are trusted by the CA (global option tls_cafile). There is no additional filtering or support for CRL or OCSP status checks.

IMO we should recommend Apache mod_ssl or other TLS terminators to perform these checks for us.

simo5 commented 7 years ago

+1
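
The following is an added example, not part of the thread and not Custodia's own code. Using Python's standard `ssl` module, it shows the difference between accepting any client certificate that chains to the CA and adding the filtering and CRL checking that the comment above says are absent; the allow-list, the sample certificate dicts and all function names are assumptions made for illustration.

```python
import ssl

# Hypothetical allow-list of client subject CNs (constructed values).
ALLOWED_CNS = {"client1.example.test"}

def make_server_context(cafile=None, crlfile=None):
    """Server-side context that demands a client certificate.

    With only cafile set, ANY unexpired certificate chaining to that CA
    passes the handshake. Revocation is checked only if a CRL is loaded
    and the verify flag is set explicitly.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    if crlfile:
        # CRLs are loaded with the same call as CA certificates.
        ctx.load_verify_locations(cafile=crlfile)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx

def subject_common_names(peercert):
    """Collect commonName values from an SSLSocket.getpeercert() dict."""
    return [value
            for rdn in peercert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]

def is_allowed(peercert, allowed=ALLOWED_CNS):
    """Application-level filter applied after the TLS handshake succeeded."""
    if not peercert:  # None or {}: no validated certificate was presented
        return False
    cns = subject_common_names(peercert)
    # Reject certificates with zero or several CNs instead of guessing.
    return len(cns) == 1 and cns[0] in allowed

# Constructed samples in the shape getpeercert() returns.
SAMPLE_ALLOWED = {"subject": ((("organizationName", "Example"),),
                              (("commonName", "client1.example.test"),))}
SAMPLE_OTHER = {"subject": ((("commonName", "client2.example.test"),),)}
SAMPLE_TWO_CNS = {"subject": ((("commonName", "client1.example.test"),),
                              (("commonName", "client2.example.test"),))}

if __name__ == "__main__":
    for cert in (SAMPLE_ALLOWED, SAMPLE_OTHER, SAMPLE_TWO_CNS, {}):
        print(subject_common_names(cert), is_allowed(cert))
```

Both sample certificates would pass a CA-only handshake if they were issued by the trusted CA; only the explicit filter distinguishes them.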