Accepting Multiple TLS Client Certificates
Francis Daly
francis at daoine.org
Tue Jun 25 22:27:46 UTC 2019
On Mon, Jun 24, 2019 at 04:58:48PM +0200, Johannes Gehrs wrote:
Hi there,
> as per our understanding one can provide a file with multiple certificates
> as "ssl_client_certificate". Nginx would then accept any one of the
> certificates.
http://nginx.org/r/ssl_client_certificate has slightly different
words for what it does. It also refers to the "ssl_verify_client" and
"ssl_trusted_certificate" directives.
> In our test case we provided a chain of two certificates, a root cert and
> the client certs signed by this CA. We tried both, concatenating the files
> like this: "user1 user2 ca" and like this "user1 ca user2 ca". In all cases
> just the first certificate was accepted.
>
> Are we misunderstanding the expected behaviour of nginx, or is this a bug,
> or are we maybe doing something wrong?
Can you provide a config that shows the problem that you report?
From your description, only the ca cert needs to be in the file; but
I think that including the other certs should not break anything. Can
you tell, are there the expected newlines in the file, between the certs?
f
--
Francis Daly francis at daoine.org
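
The newline question raised in the reply can be checked mechanically. The following is an added example, not part of the original message and not nginx code: a hypothetical `check_pem_bundle` helper that reports BEGIN/END markers that do not sit on a line of their own, run here on constructed placeholder blocks rather than real certificates.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def check_pem_bundle(text):
    """Return (intact_block_count, problems). Checks PEM framing only, not X.509."""
    problems, count = [], 0
    body, damaged = None, False  # body is a list while inside a block
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line == BEGIN:
            if body is not None:
                problems.append(f"line {lineno}: BEGIN inside an unterminated block")
            body, damaged = [], False
        elif line == END:
            if body is None:
                problems.append(f"line {lineno}: END without a matching BEGIN")
            elif not damaged:
                try:
                    base64.b64decode("".join(body), validate=True)
                    count += 1
                except ValueError:
                    problems.append(f"line {lineno}: body is not valid base64")
            body, damaged = None, False
        elif BEGIN in line or END in line:
            # What `cat a.pem b.pem` produces when a.pem has no final newline.
            problems.append(f"line {lineno}: marker not on a line of its own")
            body, damaged = (body if body is not None else []), True
        elif body is not None:
            body.append(line)
    if body is not None:
        problems.append("end of file: unterminated certificate block")
    return count, problems


def fake_pem(label):
    """Constructed placeholder block (not a real certificate), no final newline."""
    b64 = base64.b64encode(f"constructed {label}".encode()).decode()
    return f"{BEGIN}\n{b64}\n{END}"


FUSED = fake_pem("user1") + fake_pem("ca")              # markers share line 3
CLEAN = fake_pem("user1") + "\n" + fake_pem("ca") + "\n"

if __name__ == "__main__":
    for name, bundle in (("fused", FUSED), ("clean", CLEAN)):
        print(name, check_pem_bundle(bundle))
```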