Client Authentication Problem when access from android phone

atsushi2550 nginx-forum at
Fri Jan 8 08:33:56 UTC 2016

Hi there,

I'm trying to set up reverse proxy server with client authentication.

--- Environment  ---
My CA is 2 tier.
Root CA - intermediate CA - Client Certificate.

--- Problem Discripton ---
When I accessed proxy server from laptop pc, 
only the correct client certificate was suggested,
and authenticate successfully.

But when I accessed proxy server from android phone, 
ALL installed client certificate was suggested,
and if I choose *wrong client certificate authenticate successfully.

*wrong client certificate : certificate that Root CA is same but
intermediate CA is different,

My nginx configuration is as follows.

    ssl on;
    ssl_certificate cert/servercert;
    ssl_certificate_key cert/serverkey;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    ssl_verify_client on;
    ssl_verify_depth 2;
    ssl_client_certificate cert/intermediate.cert;
    ssl_trusted_certificate cert/intermediate_and_root.cert;

--- END

Best Regards,

Posted at Nginx Forum:,263895,263895#msg-263895

More information about the nginx mailing list