1. Caddy version:
2.6.3
2. How I installed, and run Caddy:
$ pacman -Syu caddy
$ caddy
a. System environment:
Arch, still in the development phase. I’ll probably run it on the latest Ubuntu LTS with systemd.
b. Command:
$ caddy
c. Service/unit/compose file:
n/a
d. My complete Caddy config:
n/a
3. The problem I’m having:
I want to have subdomains for each of my customers, that is no problem. A wildcard server certificate with DNS challenge is easy.
But I want my customers to authenticate with a client certificate. That client certificate is issued by my software and immediately trusted by Caddy. I have read client_authentication, and I need to use trusted_ca_certs. That way any client cert signed with the CA cert pointed to here would be trusted (correct right?).
What I’m not clear on is:
- What the value of that trusted_ca_certs needs to be. I assume it is generated by Caddy on first start or something?
- How do I use that trusted_ca_certs value and generate, on the fly, new client certificates? This seems out of scope? But another post on this forum suggests something like an ‘internal cert issuer’, but I can’t find how that would work.
Thank you in advance for any pointers you might have for me.
4. Error messages and/or full log output:
n/a
5. What I already tried:
Read the docs.
6. Links to relevant resources:
See the hyperlinks in the question (I can’t repeat them here b/c a new user can’t add more than 4 links).
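
Added example, not part of the original post and not Caddy's own code: a Go sketch of the setup the question describes, in which the issuing software owns a client CA, signs one client certificate per customer, and hands the server only the CA certificate. It assumes, as Caddy's JSON documentation for client_authentication describes, that each trusted_ca_certs entry is a base64 DER-encoded CA certificate supplied by the operator; the CA name, customer name and function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo-only error handling
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a self-signed CA when parent is nil, else a client-auth leaf for cn signed by parent.
func issue(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))),
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { // CA: allowed to sign certificates, not usable as a client leaf
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)))), key
}

// verifyClient is the chain check a TLS server makes when ca is its only trusted client CA.
func verifyClient(ca, leaf *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// trustedCAValue encodes the CA's public certificate (never its key) as base64 DER.
func trustedCAValue(ca *x509.Certificate) string { return base64.StdEncoding.EncodeToString(ca.Raw) }

func main() {
	ca, caKey := issue("Example Client CA", nil, nil) // constructed sample names
	leaf, _ := issue("customer-1", ca, caKey)
	fmt.Println("trusted_ca_certs entry:", trustedCAValue(ca), "\nleaf accepted:", verifyClient(ca, leaf) == nil)
}
```

Only the CA certificate goes into the server configuration; the CA private key stays with the software that issues the customer certificates.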