$ssl_client_verify not working?

Ramon_Ali nginx-forum at forum.nginx.org
Wed Apr 13 00:01:57 UTC 2016

Hi, i was wanting to return a 403 when invalid client certificate submitted,
however Nginx 1.9.6 returning 400 Bad Request, The SSL Certificate Error.
Seems to return 403 fine when no certificate is submitted, but any clues on
getting it to return a 403 work when invalid (signed by unauthorised CA)
certificate submitted.

Nginx server block - 
    server {
       listen       443 ssl;
       server_name  server.com;

       ssl_certificate   /etc/nginx/server.crt;
       ssl_certificate_key  /etc/nginx/server.key;

       ssl_client_certificate  /etc/nginx/client_ca.crt;
       ssl_verify_client optional;
       ssl_verify_depth 2;

       if ($ssl_client_verify != SUCCESS ) {
       return 403;

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266136,266136#msg-266136

More information about the nginx mailing list