Accepting Multiple TLS Client Certificates
francis at daoine.org
Tue Jun 25 22:27:46 UTC 2019
On Mon, Jun 24, 2019 at 04:58:48PM +0200, Johannes Gehrs wrote:
> as per our understanding one can provide a file with multiple certificates
> as "ssl_client_certificate". Nginx would then accept any one of the
http://nginx.org/r/ssl_client_certificate has slightly different
words for what it does. It also refers to the "ssl_verify_client" and
> In our test case we provided a chain of two certificates, a root cert and
> the client certs signed by this CA. We tried both, concatenating the files
> like this: "user1 user2 ca" and like this "user1 ca user2 ca". In all cases
> just the first certificate was accepted.
> Are we misunderstanding the expected behaviour of nginx, or is this a bug,
> or are we maybe doing something wrong?
Can you provide a config that shows the problem that you report?
>From your description, only the ca cert needs to be in the file; but
I think that including the other certs should not break anything. Can
you tell, are there the expected newlines in the file, between the certs?
Francis Daly francis at daoine.org
More information about the nginx