SSL Authentication: $ssl_client_verify

Dustin Oprea myselfasunder at gmail.com
Fri May 16 04:37:44 UTC 2014


I have the following server configuration for client-authentication:

    ssl on;
    ssl_certificate     /.../certificate.pem;
    ssl_certificate_key /.../private.pem;

    ssl_client_certificate /.../ca_cert.pem;
    ssl_verify_client on;
    ssl_verify_depth 1;

It looks like I get a "Bad Request" (400) when I use a certificate signed
by a different CA. So, what's the point of the ssl_client_verify variable?

>From Nginx's SSL module documentation (
http://nginx.org/en/docs/http/ngx_http_ssl_module.html):

    $ssl_client_verify

    returns the result of client certificate verification: “SUCCESS”,
“FAILED”, and “NONE” if a certificate was not present;



Dustin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140516/9d29520a/attachment-0001.html>


More information about the nginx mailing list