failure to limit access to a secure area with self-signed client SSL cert fingerprint match

Francis Daly francis at daoine.org
Wed Mar 22 00:54:00 UTC 2023


On Tue, Mar 21, 2023 at 07:02:23PM -0400, PGNet Dev wrote:
> > What does the error_log say about this request and response?

> 	2023/03/21 18:52:14 [info] 4955#4955: *7 client SSL certificate verify error: certificate status request failed while reading client request headers, client: 2401::...::1, server: example.com, request: "GET / HTTP/2.0", host: "example.com"

That'll be why nginx blocks the access, at least -- the client cert is
not verified as good.

You have indicated that the client cert has:

Issuer: C = US, ST = NY, O = example.com, OU = example.com_CA, CN = example.com_CA_INT, emailAddress = ssl at example.com

Do you have the certificate that has that value as the Subject? What
is that certificate's Issuer? And repeat until you get to the root
certificate.

And which of the ssl*certificate files named in your config holds those certificates?

	f
-- 
Francis Daly        francis at daoine.org
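
The chain walk asked for above (find the certificate whose Subject equals the current Issuer, repeat until the root), as an added example that is not part of the original message. The function names and file names are hypothetical, and each file is assumed to hold exactly one PEM certificate.

```shell
#!/bin/sh
# Walk a certificate chain by name: start at the client cert, find the file
# whose Subject equals the current Issuer, repeat until a self-issued root.
# Assumption: every file passed in holds exactly one PEM certificate.

cert_field() {  # cert_field subject|issuer FILE -> prints the DN
    local out
    out=$(openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253) || return 1
    printf '%s\n' "${out#*=}"   # drop the leading "subject=" / "issuer="
}

walk_chain() {  # walk_chain CLIENT.pem CANDIDATE.pem...
    local current="$1" subj iss cand found depth=0
    shift
    while [ "$depth" -lt 10 ]; do   # guard against issuer loops
        subj=$(cert_field subject "$current") || return 2
        iss=$(cert_field issuer "$current") || return 2
        printf '%s\n  subject: %s\n  issuer:  %s\n' "$current" "$subj" "$iss"
        if [ "$subj" = "$iss" ]; then
            echo "ROOT: $current is self-issued, chain is complete"
            return 0
        fi
        found=""
        for cand in "$@"; do
            if [ "$(cert_field subject "$cand" 2>/dev/null)" = "$iss" ]; then
                found="$cand"
                break
            fi
        done
        if [ -z "$found" ]; then
            echo "MISSING: no supplied file has subject: $iss"
            return 1
        fi
        current="$found"
        depth=$((depth + 1))
    done
    echo "ABORT: more than 10 links, possible issuer loop"
    return 2
}

# Usage (file names are placeholders):
#   walk_chain client.crt intermediate.crt root.crt
```

A name match only shows which file claims to be the issuer; it does not check the signature, which `openssl verify -CAfile` does once the chain files are identified.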

