SSL Client Authentication
Maxim Dounin
mdounin at mdounin.ru
Mon May 12 17:29:47 UTC 2014
Hello!
On Mon, May 12, 2014 at 10:41:47AM -0400, Dustin Oprea wrote:
> I have the following *server* configuration for client-authentication:
>
> ssl on;
> ssl_certificate /.../deploy_api_certificate.pem;
> ssl_certificate_key /.../deploy_api_private.pem;
>
> ssl_client_certificate /.../ca_cert.pem;
> ssl_verify_client on;
> ssl_verify_depth 1;
>
>
> It looks like I get a "Bad Request" (400) when I use a certificate signed
> by a different CA. So, what's the point of the *ssl_client_verify* variable?
It's mostly useful with "ssl_verify_client optional", see
http://nginx.org/r/ssl_verify_client for details.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list