SSL handshake failed with mutual TLS

steve steve at greengecko.co.nz
Tue Jun 21 23:23:27 UTC 2016



On 06/21/2016 03:59 AM, CJ Ess wrote:
> Check that you have both the certificate and any intermediate 
> certificates in your pem file - you can skip the top-most CA 
> certificates as those are generally included in your browser's CA 
> store - but the intermediates are not.
>
> I believe Nginx wants certs ordered from bottom-most (your cert) to 
> top-most (CA's cert) - it used to be picky about that; I haven't 
> retried the ordering in a long while.
>
>
It used to be your site cert at the top of the file. Don't know whether 
this is still true, but I always do it!

I recommend using the Qualys site ( https://www.ssllabs.com/ssltest/ ) 
to check and fine tune your SSL setup. They keep very current on all the 
vulns too, which is just sooo helpful.

Steve

-- 
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
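
An added example, not part of the original thread: a shell check for the bundle ordering discussed above (site cert first, then intermediates), using the openssl CLI. The function names, file names and throwaway demo certificates are assumptions made for illustration; the check compares issuer and subject names only and does not verify signatures.

```sh
#!/bin/sh
# Added example (function and file names are hypothetical).

# Print "subject<TAB>issuer" for each certificate in bundle $1, in file order.
chain_names() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout |
        awk '/^subject=/ { s = substr($0, 9) }
             /^issuer=/  { print s "\t" substr($0, 8) }'
}

# Succeed only if each certificate was issued by the one that follows it,
# i.e. the bundle runs site/client cert first, then intermediates upward.
check_chain_order() {
    chain_names "$1" | awk -F '\t' '
        NR > 1 && prev_issuer != $1 {
            printf "cert %d: issuer \"%s\" is not next in file (next is \"%s\")\n",
                   NR - 1, prev_issuer, $1
            bad = 1
        }
        { prev_issuer = $2 }
        END { exit (NR == 0 || bad) }'
}

# Constructed sample data: throwaway root -> intermediate -> leaf in dir $1,
# plus a correctly ordered bundle (good.pem) and a reversed one (bad.pem).
make_demo_chain() {
    demo_dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$demo_dir/root.key" -out "$demo_dir/root.pem" 2>/dev/null
    demo_issue inter "Demo Intermediate" root
    demo_issue leaf "client.example.test" inter
    cat "$demo_dir/leaf.pem" "$demo_dir/inter.pem" > "$demo_dir/good.pem"
    cat "$demo_dir/inter.pem" "$demo_dir/leaf.pem" > "$demo_dir/bad.pem"
}

# demo_issue <name> <CN> <signer>: sign a new key's CSR with <signer>.
demo_issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/$1.csr" -days 1 \
        -CA "$demo_dir/$3.pem" -CAkey "$demo_dir/$3.key" -CAcreateserial \
        -out "$demo_dir/$1.pem" 2>/dev/null
}
```

Run `check_chain_order` against the file named in your `ssl_certificate` directive; a non-zero exit with a "cert N" message points at the first certificate that is out of order.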


