Validating client certificate against CRL

nathanmesser nginx-forum at
Thu Mar 12 17:28:35 UTC 2015

We're in a similiar situation, but with many intermediate CAs and root CAs
for all the possible client certificates we accept.
We have all of these concatenated into a single file for the
ssl_client_certificate directive.

We have CRLs for some of these and not for others.

Is there any way we configure nginx so it will honour the ones we have,
without requiring us to have a CRL for all of them?
We've tried combining the ones we have into a single file, and using that in
the ssl_crl directive, but it still gives us a 400 Bad Request error.

With apache we were able to specify the directory they are all in, and have
it process the ones we have.

Posted at Nginx Forum:,255448,257227#msg-257227

More information about the nginx mailing list