Strange ssl_client_certificate limitation?

Francis Daly francis at
Thu Jan 14 21:32:43 UTC 2021

On Thu, Jan 14, 2021 at 09:29:25PM +0100, Rene Moser wrote:

Hi there,

> To show the limitation, I created a reproducer:
> Please tell me I did something terribly wrong.

You seem to be trying to test the different server names using

  curl -H "Host:" --insecure

If you add a "--verbose", you may see the certificate that the server is
presenting, which may hint at which server{} you are actually accessing.

You probably will want to use curl's "--resolve" command to get curl to
use SNI the way that you want. Something like

  curl --resolve --insecure

may make a better test.

Good luck with it,

Francis Daly        francis at
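
An added illustration of the SNI point above, not part of the original message: a TLS client puts the hostname from the URL into the ClientHello, before any HTTP header is sent, so overriding only the Host header leaves the SNI name unchanged. The sketch builds a ClientHello in memory and parses the server_name extension out of it; the names `a.example.test` and `b.example.test` are constructed placeholders.

```python
import ssl

def client_hello(url_hostname):
    """Return the first TLS flight a client emits for the hostname in the URL."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=url_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server attached, only the ClientHello is wanted
    return outgoing.read()

def sni_from_client_hello(record):
    """Parse the server_name extension out of a raw ClientHello record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        return None  # not a handshake record carrying a ClientHello
    body = record[5:]
    pos = 4 + 2 + 32                                     # header, version, random
    pos += 1 + body[pos]                                 # session id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher suites
    pos += 1 + body[pos]                                 # compression methods
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        ext_type = int.from_bytes(body[pos:pos + 2], "big")
        ext_len = int.from_bytes(body[pos + 2:pos + 4], "big")
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:                                # server_name extension
            # layout: list length (2), name type (1), name length (2), name
            name_len = int.from_bytes(data[3:5], "big")
            return data[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None

if __name__ == "__main__":
    # Constructed case: URL names a.example.test, Host header would say b.example.test.
    hello = client_hello("a.example.test")
    print("SNI the server sees at handshake:", sni_from_client_hello(hello))
    print("Host override present in handshake:", b"b.example.test" in hello)
```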