I’m trying to set up reverse proxy server with client authentication.
— Environment —
My CA is 2 tier.
Root CA - intermediate CA - Client Certificate.
— Problem Discripton —
When I accessed proxy server from laptop pc,
only the correct client certificate was suggested,
and authenticate successfully.
But when I accessed proxy server from android phone,
ALL installed client certificate was suggested,
and if I choose *wrong client certificate authenticate successfully.
*wrong client certificate : certificate that Root CA is same but
intermediate CA is different,
My nginx configuration is as follows.
ssl on; ssl_certificate cert/servercert; ssl_certificate_key cert/serverkey; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; ssl_verify_client on; ssl_verify_depth 2; ssl_client_certificate cert/intermediate.cert; ssl_trusted_certificate cert/intermediate_and_root.cert;
Posted at Nginx Forum: