3:unable to get certificate CRL
Maxim Dounin
mdounin at mdounin.ru
Thu Mar 12 17:03:26 UTC 2015
Hello!
On Thu, Mar 12, 2015 at 04:25:08PM +0000, Janet Valbuena wrote:
> Hi Nginx Team
>
> I'm having problems configuring NGINX to use a CRL.
>
> I've created the CRL using OpenSSL 0.9.8e and my Nginx version is 1.4.1.
>
> I'm using a self-signed certificate and an intermediate certificate.
>
> The lines for the SSL in my config are:
>
> server {
> > listen 10446 ssl;
> >
> > ssl_session_cache shared:SSL:10m;
> > ssl_session_timeout 10m;
> > ssl_prefer_server_ciphers on;
> >
> > ssl_certificate /etc/nginx/ssl/star_net.crt;
> > ssl_certificate_key /etc/nginx/ssl/star_net.key;
> >
> > ssl_client_certificate /etc/certs/ca-chain.cert.pem;
> >
> > ssl_crl /etc/certs/crl.cert.pem;
> >
> > ssl_verify_client on;
> > ssl_verify_depth 2;
> >
> >
> If I comment the ssl_crl line, I don't get any errors.
>
> However as soon as I uncomment it I get this error:
>
> ..... client SSL certificate verify error: (3:unable to get certificate
> > CRL) while reading client request headers, client: ....
> >
>
> I can't see what is wrong in my config. Help please.
The error suggests that you don't have CRL for at least one of
the certificates in the chain.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list