multiple CAs in ssl_client_certificate does not work for me

brunoa nginx-forum at nginx.us
Thu Apr 3 11:10:30 UTC 2014


Hello,

I've seen from the doc and from this post
(http://forum.nginx.org/read.php?2,229129,229132#msg-229132) that it is
possible to specify multiple CAs in the ssl_client_certificate directive.

I have nginx version 1.1.19.

Here is my config:

server {
    listen 443;
    server_name mydomain.com;

    root /usr/share/nginx/www;
    ssl on;
    ssl_certificate /etc/ssl/selfsigned/myssl.crt;
    ssl_certificate_key /etc/ssl/selfsigned/myssl.key;

    ssl_client_certificate /etc/ssl/ca.pem;
    ssl_verify_depth 3;

    ssl_verify_client on;

    ssl_ciphers ALL:!ADH:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/www;
    }

}

The ca.pem file contains 2 certificates:
# cat ca.pem
-----BEGIN CERTIFICATE-----
<content of 1st certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<content of 2nd certificate>
-----END CERTIFICATE-----
#

As far as I can see, the first certificate is checked, but apparently the
2nd isn't.

Any idea how I can troubleshoot that?

Thanks,
bruno

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,248955,248955#msg-248955
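
An added example, not part of the original post and not nginx code: a structural check for a concatenated CA bundle like the ca.pem shown above, reporting how many certificate blocks parse and whether any BEGIN/END marker is fused with other text. The name lint_ca_bundle and the sample bytes are assumptions constructed for illustration; the check covers file structure only and does not verify chains or diagnose the behaviour reported in the post.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def lint_ca_bundle(text):
    """Return (der_blobs, problems) for a PEM bundle of CA certificates."""
    certs, problems = [], []
    body = None  # base64 lines of the block being read; None when outside a block
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if body is not None:
                problems.append(f"line {lineno}: BEGIN inside an unterminated block")
            body = []
        elif line == END:
            if body is None:
                problems.append(f"line {lineno}: END without BEGIN")
                continue
            try:
                der = base64.b64decode("".join(body), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                problems.append(f"line {lineno}: block is not valid base64")
            else:
                if der[:1] == b"\x30":  # X.509 certificates are a DER SEQUENCE
                    certs.append(der)
                else:
                    problems.append(f"line {lineno}: block is not a DER SEQUENCE")
            body = None
        elif BEGIN in line or END in line:
            problems.append(f"line {lineno}: marker not alone on its line")
        elif body is not None:
            body.append(line)
    if body is not None:
        problems.append("end of file: last block has no END line")
    return certs, problems

def _pem(der):
    """Wrap DER bytes in PEM armor (helper for the constructed samples)."""
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"

# Constructed sample: two tiny DER SEQUENCEs standing in for CA certificates.
GOOD = _pem(b"\x30\x03\x02\x01\x01") + _pem(b"\x30\x03\x02\x01\x02")
# Same bundle with the newline between the two blocks lost.
FUSED = GOOD.replace(END + "\n" + BEGIN, END + BEGIN)

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("fused", FUSED)):
        found, issues = lint_ca_bundle(sample)
        print(name, len(found), "certificate block(s)", issues)
```

To check a real bundle, pass the file's text to lint_ca_bundle and compare the number of parsed blocks with the number of CAs expected in it.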


