Client Certificate verification for mail

Gurdipe_D · June 5, 2012, 6:04pm

Hi NGINX team,

I can read here :
http://mailman.nginx.org/pipermail/nginx/2007-March/000825.html

and in this thread :
http://mailman.nginx.org/pipermail/nginx-ru/2009-July/026304.html

that the client certificate verification is not supported by NGINX (and
that there is no RFE for it).

We want to implement client certificate verification for IMAP and POP
connection and we plan to rely on NGINX for scalability.

I think that it is possible to implement client certificate verification
in NGINX but I still need to know :

if it is a trivial task
if I can do it only with addons
why it isn’t already in NGINX core ?

I will apreciate if someone can give me directions on that subject.

Best regards,

Florent

Florent_Manens · June 5, 2012, 6:13pm

Hello!

On Tue, Jun 05, 2012 at 06:04:02PM +0200, Florent Manens wrote:

mail ssl

that the client certificate verification is not supported by NGINX (and that
there is no RFE for it).

We want to implement client certificate verification for IMAP and POP connection
and we plan to rely on NGINX for scalability.

I think that it is possible to implement client certificate verification in
NGINX but I still need to know :

if it is a trivial task

More or less.

if I can do it only with addons

No.

why it isn’t already in NGINX core ?

The second link (or, rather, Igor’s reply to it) explains the
reason. It’s more or less useless for large scale installations
where nginx mail proxy is generally used.

Maxim D.