SSL handshake failed with mutual TLS

Andrey Novikov envek at
Sat Jun 18 08:29:49 UTC 2016

Hello everyone.

I'm setting up an internal web server that will accept requests from
another systems (mostly enterprise-ish something) authenticated with
client certificates.

We've successfully configured interaction with two of these systems
(all with mutual TLS), and when pointed another one to this server
we've got next message in the error.log (log level for error log is
set to debug):

2016/06/16 18:07:55 [info] 21742#0: *179610 SSL_do_handshake() failed
(SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate:SSL alert number 42) while SSL handshaking, client:, server:

What can cause this message? How to debug it?

Our setup is: Red Hat Enterprise Linux 7.1, Nginx 1.8.0 compiled from
sources and run from unprivileged user, internet not available, root
or sudo access not available too.

Requests from other systems handled well.

SSL configuration in nginx.conf as follows:

    ssl_certificate         /home/strela/ssl/strela.crt;
    ssl_certificate_key     /home/strela/ssl/strela.key;
    ssl_client_certificate  /home/strela/ssl/client-ca.crt; // Both
root and intermediate certs which signed client certs are included in
this file
    ssl_verify_client       on;
    ssl_verify_depth        2;
    ssl_session_cache       shared:SSL:10m;
    ssl_session_timeout     10m;

Thank you in advance, please ask for any additional info if required.

With best regards, Andrey Novikov.

More information about the nginx mailing list