Strange ssl_client_certificate limitation?

Rene Moser mail at
Thu Jan 14 22:10:40 UTC 2021

The only way I was able to accept both certs but use the one or the 
other in the vhost was to bundle the certs and distinguish by issuer DN, 

This works as expected, but feels kind of like a hack. Any other suggestions?

On 14.01.21 21:29, Rene Moser wrote:
> Hi
> I am having a hard time with ssl_client_certificate.
> I am trying to use vhosts with 2 separate CAs in ssl_client_certificate 
> configs, but I was not able to do it as expected. The latter 
> ssl_client_certificate did not take effect and, even more unexpected, 
> I was able to use the first client cert to auth in the second vhost.
> To show the limitation, I created a reproducer:
> Please tell me I did something terribly wrong.
> Regards
> René
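A sketch of the workaround described in the message above (one bundled CA file, with each vhost checking the issuer DN), as an added example and not the poster's own configuration. Server names, file paths and DN strings are placeholders.

```nginx
# Added example; names, paths and DN strings are placeholders.
# Belongs inside the http {} context.

# One map per vhost: 1 only if the client cert's issuer DN is that vhost's CA.
# $ssl_client_i_dn holds the issuer DN as an RFC 2253 string; match it exactly.
map $ssl_client_i_dn $issued_by_ca_a {
    default                          0;
    "CN=Example CA A,O=Example,C=CH" 1;
}
map $ssl_client_i_dn $issued_by_ca_b {
    default                          0;
    "CN=Example CA B,O=Example,C=CH" 1;
}

server {
    listen 443 ssl;
    server_name a.example.test;
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Same bundle in both vhosts: CA A and CA B concatenated in PEM format.
    ssl_client_certificate /etc/nginx/tls/client-ca-bundle.pem;
    ssl_verify_client on;

    # Chain verification accepts either CA, so gate this vhost on the issuer.
    if ($issued_by_ca_a = 0) { return 403; }

    location / { return 200 "vhost a\n"; }
}

server {
    listen 443 ssl;
    server_name b.example.test;
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    ssl_client_certificate /etc/nginx/tls/client-ca-bundle.pem;
    ssl_verify_client on;

    if ($issued_by_ca_b = 0) { return 403; }

    location / { return 200 "vhost b\n"; }
}
```

The issuer check is a string comparison on top of chain verification, so the bundle should contain only the CAs that are meant to be accepted. If client certs are issued by an intermediate, the DN to match is the intermediate's.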