SSL handshake failed with mutual TLS
envek at envek.name
Sat Jun 18 08:29:49 UTC 2016
I'm setting up an internal web server that will accept requests from
other systems (mostly enterprise-ish something) authenticated with
We've successfully configured interaction with two of these systems
(all with mutual TLS), and when we pointed another one at this server
we got the following message in the error.log (the log level for the
error log is set to debug):
2016/06/16 18:07:55 [info] 21742#0: *179610 SSL_do_handshake() failed
(SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate:SSL alert number 42) while SSL handshaking, client:
10.117.252.168, server: 0.0.0.0:8443
What can cause this message? How can we debug it?
Our setup is: Red Hat Enterprise Linux 7.1, Nginx 1.8.0 compiled from
source and run as an unprivileged user; internet access is not
available, and root or sudo access is not available either.
Requests from other systems are handled well.
The SSL configuration in nginx.conf is as follows:
ssl_client_certificate /home/strela/ssl/client-ca.crt; // Both
root and intermediate certs which signed client certs are included in
Thank you in advance, please ask for any additional info if required.
With best regards, Andrey Novikov.
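
An added example, not part of the original message: a small Python decoder for the error.log entry quoted above, showing which side of the handshake raised the alert. It assumes the OpenSSL error-code packing used before OpenSSL 3.0; the `decode` function and its field names are hypothetical.

```python
import re

# The log entry from the post, joined onto one line (wrapping removed).
SAMPLE = (
    "2016/06/16 18:07:55 [info] 21742#0: *179610 SSL_do_handshake() failed "
    "(SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad "
    "certificate:SSL alert number 42) while SSL handshaking, client: "
    "10.117.252.168, server: 0.0.0.0:8443"
)

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

# OpenSSL records an alert *received from the peer* as reason 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000

LINE_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<reason>[^:)]*)"
    r"(?::SSL alert number \d+)?\).*?client: (?P<client>[^,\s]+)"
)

def decode(line):
    """Decode one nginx 'SSL_do_handshake() failed' entry; None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    # Assumption: pre-3.0 OpenSSL packing, 8 bits library | 12 bits function | 12 bits reason.
    reason = code & 0xFFF
    from_peer = reason >= SSL_AD_REASON_OFFSET
    alert = reason - SSL_AD_REASON_OFFSET if from_peer else None
    return {
        "client": m.group("client"),
        "library": code >> 24,
        "function": m.group("func"),
        "reason_text": m.group("reason"),
        "alert": alert,
        "alert_name": ALERTS.get(alert, "other") if from_peer else None,
        # "peer" = the remote side (here the client) sent the alert to nginx;
        # "local" = nginx's own OpenSSL failed a check and reported it.
        "sent_by": "peer" if from_peer else "local",
    }

if __name__ == "__main__":
    print(decode(SAMPLE))
```

For the entry in the post this reports alert 42 (bad_certificate) with `sent_by` set to `peer`, meaning the alert arrived from 10.117.252.168 and was not generated by nginx's own verification of the client certificate.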