Peer closed connection in SSL handshake

tory nginx-forum at forum.nginx.org
Wed Jun 14 13:59:18 UTC 2017


Hello.
I want to authenticate my server using certificates on my hardware.

I have created a private certificate with openssl and have completed the
connection test without errors in the browser.


This is the setting for nginx.

server {
    listen 14443;
    listen [::]:14443;
    ssl on;
    ignore_invalid_headers off;
    proxy_ssl_server_name on;
    server_name cert.mydomain.com;

    root /var/service/auth;
    index index.html;

    #include /etc/nginx/mime.types;

    error_log /var/log/nginx/auth_ssl_err.log debug;
    access_log /var/log/nginx/auth_ssl_acc.log;

    ssl_certificate      /etc/nginx/ssl/private/server.crt;
    ssl_certificate_key  /etc/nginx/ssl/private/server_key.pem;
    ssl_client_certificate /etc/nginx/ssl/private/ca.crt;
    ssl_verify_client on;
    ssl_verify_depth 2;
    ssl_session_cache   shared:SSL:5m;
    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ) {
        return 405;
    }

    location / {
        proxy_pass              http://localhost:8880;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        Host $http_host;
        proxy_set_header        cert-expire $ssl_client_v_end;
        proxy_set_header        cert-dn $ssl_client_s_dn;
        proxy_redirect          default;
    }
}

I get an error when I connect to the server with a user certificate (crt
file) on my hardware.

Peer closed connection in SSL handshake (104: Connection reset by peer)
while SSL handshaking, client: 222.110.133.193, server: 0.0.0.0:14001

Please help me with what is wrong.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274863,274863#msg-274863
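
Added example, not part of the original post: a small cross-check of the posted server block against the posted error line, listing things to rule out before looking at the client certificate itself. CONFIG and LOG_LINE are constructed from the text above; the function names are hypothetical, and the findings are leads to check, not a diagnosis.

```python
import re

# Constructed from the post: the relevant directives and the reported error line.
CONFIG = """
server {
    listen 14443;
    listen [::]:14443;
    ssl_client_certificate /etc/nginx/ssl/private/ca.crt;
    ssl_verify_client on;
    ssl_protocols SSLv3 TLSv1;
}
"""
LOG_LINE = ("Peer closed connection in SSL handshake (104: Connection reset by peer) "
            "while SSL handshaking, client: 222.110.133.193, server: 0.0.0.0:14001")
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # RFC 6176, RFC 7568, RFC 8996


def directives(conf):
    """Return {name: [argument lists]} for simple 'name args;' directives."""
    out = {}
    for name, args in re.findall(r"^\s*([a-z_]+)\s+([^;{}]+);", conf, re.M):
        out.setdefault(name, []).append(args.split())
    return out


def listen_ports(conf):
    """Ports named by listen directives: '14443' and '[::]:14443' both give 14443."""
    found = (re.search(r"(\d+)$", a[0]) for a in directives(conf).get("listen", []))
    return {int(m.group(1)) for m in found if m}


def review(conf, log_line):
    """Return findings that compare the server block with the logged handshake error."""
    d = directives(conf)
    findings = []
    offered = {p for args in d.get("ssl_protocols", []) for p in args}
    if offered and offered <= DEPRECATED:
        findings.append("only deprecated protocols offered: " + " ".join(sorted(offered)))
    m = re.search(r"server: \S+:(\d+)", log_line)
    if m and int(m.group(1)) not in listen_ports(conf):
        findings.append(f"log port {m.group(1)} not in this block's listen ports")
    if d.get("ssl_verify_client") == [["on"]] and "ssl_client_certificate" in d:
        findings.append("client cert must chain to " + d["ssl_client_certificate"][0][0])
    return findings


if __name__ == "__main__":
    for f in review(CONFIG, LOG_LINE):
        print("-", f)
```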


