$ssl_client_verify not working?
Igor Sysoev
igor at sysoev.ru
Thu Apr 14 19:09:13 UTC 2016
On 13 Apr 2016, at 03:01, Ramon_Ali <nginx-forum at forum.nginx.org> wrote:
> Hi, i was wanting to return a 403 when invalid client certificate submitted,
> however Nginx 1.9.6 returning 400 Bad Request, The SSL Certificate Error.
> Seems to return 403 fine when no certificate is submitted, but any clues on
> getting it to return a 403 work when invalid (signed by unauthorised CA)
> certificate submitted.
>
> Nginx server block -
>
> server {
> listen 443 ssl;
> server_name server.com;
>
> ssl_certificate /etc/nginx/server.crt;
> ssl_certificate_key /etc/nginx/server.key;
>
> ssl_client_certificate /etc/nginx/client_ca.crt;
> ssl_verify_client optional;
> ssl_verify_depth 2;
>
> if ($ssl_client_verify != SUCCESS ) {
> return 403;
> }
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors
error_page 495 496 =403 /403.html;
--
Igor Sysoev
http://nginx.com
More information about the nginx
mailing list