SSL client certificate

Wed Mar 19 18:36:06 MSK 2008

On Wed, Mar 19, 2008 at 03:48:01PM +0100, Omar Lopez Limonta wrote:

> It doesn??t work yet,  it until returns 400 bad certificate error.
> I have two vhost with diferent SSL certificates , in the frist host  i
> have only https without client authentication, and in the second i
> have the config with client autentication, i will be a proxy pass to
> IIS  it could be a problem?
> i need code in the server side something to request the client cerficate?

Do you use named-based virtual hosts ?
Then nginx uses certificate configuraiton from the first host and do not
ask client certificate on SSL-handshake phase.

You need to bind hosts to the different IP-addresses:

     server {
         listen           192.168.1.1:443;
         server_name      one.example.com;
         ssl_certificate  one.example.com.cert;
         ...
     }

     server {
         listen           192.168.1.2:443;
         server_name      two.example.com;
         ssl_certificate  two.example.com.cert;

         ssl_client_certificate  CA.cert;
         ...
     }

-- 
Igor Sysoev
http://sysoev.ru/en/