failure to limit access to a secure area with self-signed client SSL cert fingerprint match
francis at daoine.org
Wed Mar 22 00:54:00 UTC 2023
On Tue, Mar 21, 2023 at 07:02:23PM -0400, PGNet Dev wrote:
> > What does the error_log say about this request and response?
> 2023/03/21 18:52:14 [info] 4955#4955: *7 client SSL certificate verify error: certificate status request failed while reading client request headers, client: 2401::...::1, server: example.com, request: "GET / HTTP/2.0", host: "example.com"
That'll be why nginx blocks the access, at least -- the client cert is
not verified as good.
You have indicated that the client cert has:

    Issuer: C = US, ST = NY, O = example.com, OU = example.com_CA, CN = example.com_CA_INT, emailAddress = ssl at example.com

Do you have the certificate that has that value as the Subject? What
is that certificate's Issuer? And repeat until you get to the root

And which of the ssl*certificate files named in your config holds those certificates?

Francis Daly francis at daoine.org
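
The Subject/Issuer walk asked for in the reply above, as an added example that is not part of the original thread and not nginx's own code. The function names, the `demo_*` certificate names and the constructed throwaway PKI are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: follow Subject/Issuer names from a client cert to the root.
# This matches names only; `openssl verify -CAfile` is what checks signatures.

subj()   { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer() { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# walk_chain CERT.pem BUNDLE.pem
# Prints each hop. Returns 0 when a self-issued root is reached,
# 1 when an issuer is not present in BUNDLE.pem (or the chain is too long).
walk_chain() {
  local cur="$1" bundle="$2" dir want found f hops=0
  dir=$(mktemp -d)
  # Split the bundle into one file per certificate.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/ca" n ".pem")}' "$bundle"
  while [ "$hops" -lt 10 ]; do
    want=$(issuer "$cur")
    echo "subject=$(subj "$cur")  issuer=$want"
    if [ "$want" = "$(subj "$cur")" ]; then
      echo "root reached after $hops hop(s)"; rm -rf "$dir"; return 0
    fi
    found=""
    for f in "$dir"/*.pem; do
      if [ -e "$f" ] && [ "$(subj "$f")" = "$want" ]; then found="$f"; break; fi
    done
    if [ -z "$found" ]; then
      echo "no certificate with subject '$want' in $bundle"; rm -rf "$dir"; return 1
    fi
    cur="$found"; hops=$((hops + 1))
  done
  rm -rf "$dir"; return 1
}

# Constructed sample PKI (hypothetical names): root -> intermediate -> client.
make_demo_pki() {
  local d="$1" n
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/O=demo/CN=demo_ROOT" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for n in int client; do
    openssl req -newkey rsa:2048 -nodes -subj "/O=demo/CN=demo_$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
}
```

Run `walk_chain` with the client certificate and each certificate file named in the nginx config in turn; a return of 1 names the issuer that file does not contain.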