issues w/ client certificates from a self-signed CA

Michael Barrett loki77 at
Thu Aug 9 04:35:37 UTC 2012

Hi, I'm trying to get client certificate authentication going using client certificates signed by a self-signed certificate authority created with openssl.  After getting a bunch of '400 The SSL certificate error' errors I put nginx in debug mode and saw the following:

2012/08/08 23:22:14 [info] 27556#0: *1 client SSL certificate verify error: (18:self signed certificate) while reading client request headers, client:, server: _, request: "GET /blah/ HTTP/1.1", host: ""

I see that error 18 when I try to verify the client cert with the CA cert via openssl as well, but the verify still returns an 'OK' so it seems like it's more of a warning.  Would that lead to the 400 error that my client is seeing?  If so, is there anyway to get nginx to accept certificates signed by a self-signed CA?

I'm running nginx 1.1.19 on Ubuntu 12.04.  Let me know if there's any other info you might need - thanks!

Michael Barrett
loki77 at

More information about the nginx mailing list