So, I manage my server with docker containers (nginx-proxy and the letsencrypt-companion). I limit access to some subdomains using basic auth, but I want to use client certificates for convenience.

So my questions to the experts:
1) Do you know a good (and convenient) way to manage client certificates? This should include revoking certs and allowing specific certs only for specific subdomains.
2) Should I use my letsencrypt CA for this or would a self-signed CA be better suited?
3) Any things I should be aware of?

  • 2
    1. Client auth and HTTPS should be possible with different CAs. So you should only use your own CA for client certs.
    2. There are multiple ways for this. Your own CA makes verification easier, but you will need a method to invalidate certs, and managing it is not easy.