Accepting Multiple TLS Client Certificates

Francis Daly francis at
Tue Jun 25 22:27:46 UTC 2019

On Mon, Jun 24, 2019 at 04:58:48PM +0200, Johannes Gehrs wrote:

Hi there,

> as per our understanding one can provide a file with multiple certificates
> as "ssl_client_certificate". Nginx would then accept any one of the
> certificates.

has slightly different
words for what it does. It also refers to the "ssl_verify_client" and
"ssl_trusted_certificate" directives.

> In our test case we provided a chain of two certificates, a root cert and
> the client certs signed by this CA. We tried both, concatenating the files
> like this: "user1 user2 ca" and like this "user1 ca user2 ca". In all cases
> just the first certificate was accepted.
> Are we misunderstanding the expected behaviour of nginx, or is this a bug,
> or are we maybe doing something wrong?

Can you provide a config that shows the problem that you report?

From your description, only the ca cert needs to be in the file; but
I think that including the other certs should not break anything. Can
you tell, are there the expected newlines in the file, between the certs?

Francis Daly        francis at
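
The question above about newlines between the certificates can be checked mechanically. The following is an added example, not part of the original message: a structural check of a PEM bundle such as the file given to ssl_client_certificate. The file names and the placeholder certificate bodies are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread): structural check of a PEM
# bundle such as the file passed to ssl_client_certificate.
BEGIN='-----BEGIN CERTIFICATE-----'
END='-----END CERTIFICATE-----'

# check_pem_bundle FILE
# Prints the number of complete certificate blocks found.
# Returns 0 only if every marker is alone on its line and BEGIN/END alternate.
check_pem_bundle() {
    awk -v b="$BEGIN" -v e="$END" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        $0 == b { if (inside) bad = 1; inside = 1; next }
        $0 == e { if (inside) n++; else bad = 1; inside = 0; next }
        # A marker fused to other text, e.g. END and BEGIN on one line after
        # concatenating a file that lacked a trailing newline.
        index($0, "-----BEGIN") || index($0, "-----END") { bad = 1 }
        END { if (inside) bad = 1; print n + 0; exit (bad ? 1 : 0) }
    ' "$1"
}

demo() {
    d=$(mktemp -d)
    # Constructed placeholders, not real certificates: only the delimiters matter.
    printf '%s\nQ0E=\n%s\n' "$BEGIN" "$END" > "$d/ca.pem"
    printf '%s\ndXNlcjE=\n%s' "$BEGIN" "$END" > "$d/user1.pem"   # no final newline
    cat "$d/user1.pem" "$d/ca.pem" > "$d/glued.pem"              # markers end up fused
    { cat "$d/user1.pem"; echo; cat "$d/ca.pem"; } > "$d/ok.pem" # newline restored
    for f in glued ok; do
        if n=$(check_pem_bundle "$d/$f.pem"); then s=well-formed; else s=MALFORMED; fi
        echo "$f.pem: $n complete block(s), $s"
    done
    rm -rf "$d"
}
demo
```

The check looks only at the delimiters; it does not parse the certificates or verify that any of them chains to the CA.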
