Client certificate authentication error

tory nginx-forum at forum.nginx.org
Wed Apr 26 13:49:40 UTC 2017 

Hello.
I am trying to implement a client certificate using nginx on Ubuntu 16.04.
Firefox browser "400 Bad Request No required SSL certificate was sent "error
occurs.

To solve the above error, I release everything for the development process
and configuration tests.

1. create client certificate file(openssl 1.0.2g)


openssl genrsa -des3 -out ca.key 2048  (pass :  1234)

openssl req -new -key ca.key -out ca.csr -subj
/C=KR/ST=Seoul/L=Guro-gu/O=company/CN=www.wemakeusa.com/emailAddress=company at wemakeusa.com

openssl x509 -req -days 1280 -in ca.csr -signkey ca.key -out ca.crt

openssl rsa -in ca.key -out ca_key.pem

--

openssl genrsa -des3 -out server.key 2048  (pass : 12345)

openssl req -new -key server.key -out server.csr -subj
/C=KR/ST=Seoul/L=Guro-gu/O=req
company/CN=www.wemakeusa.com/emailAddress=manager at wemakeusa.com

openssl x509 -req -in server.csr -out server.crt -signkey server.key -CA
ca.crt -CAkey ca.key -CAcreateserial -days 365

openssl rsa -in server.key -out server_key.pem

--

openssl genrsa -des3 -out client.key 2048  (pass : 123456)

openssl req -new -key client.key -out client.csr -subj
/C=KR/ST=Seoul/L=Guro-gu/O=Users/CN=www.wemakeusa.com/emailAddress=users at wemakeusa.com

openssl x509 -req -in client.csr -out client.crt -signkey client.key -CA
server.crt -CAkey server.key -CAcreateserial -days 365

openssl rsa -in client.key -out client_key.pem


openssl pkcs12 -in client.crt -inkey client.key -export -out client.p12



2. Nginx configure(1.10.0)

server {
    listen        443;
    ssl on;
    server_name www.wemakeusa.com;

    error_log   /home/ubuntu/nginx-error.log debug;

    ssl_certificate      /home/ubuntu/ssl-der/server.crt;
    ssl_certificate_key  /home/ubuntu/ssl-der/server_key.pem;
    ssl_client_certificate /home/ubuntu/ssl-der/ca.crt;
    ssl_verify_client on;
    ssl_verify_depth 3;

    location / {
        root           /var/www/wemakeusa.com;
        index index.html;
        if ($ssl_client_i_dn != "CN = company") {
            return 403;
        }
        if ($ssl_client_i_dn != "emailAddress=user at wemakeusa.com") {
            return 403;
        }
    }
}


3. SSL testing

https://www.ssllabs.com/ssltest/analyze.html?d=www.wemakeusa.com



4. Download files for exams

http://www.wemakeusa.com/certificate_file.tar



I have registered p12 certificate and ca certificate in my Firefox browser,
but I get "400 Bad Request".

I need help with 'multiple user cilent certificate authentication' tips and
solutions for errors.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273879,273879#msg-273879

More information about the nginx mailing list