SSL handshake failed with mutual TLS

steve steve at
Tue Jun 21 23:23:27 UTC 2016

On 06/21/2016 03:59 AM, CJ Ess wrote:
> Check that you have both the certificate and any intermediate 
> certificates in your pem file - you can skip the top-most CA 
> certificates as those are generally included in your browser's CA 
> store - but the intermediates are not.
> I believe Nginx wants certs ordered from bottom-most (your cert) to 
> top-most (ca's cert) - it used to be picky about that I haven't 
> retried the ordering in a long while.
It used to be your site cert at the top of the file. Don't know whether 
this is still true, but I always do it!

I recommend using the Qualys site ( ) 
to check and fine tune your SSL setup. They keep very current on all the 
vulns too, which is just sooo helpful.


Steve Holdoway BSc(Hons) MIITP
Skype: sholdowa

More information about the nginx mailing list