Issues w/ client certificates from a self-signed CA

Hi, I’m trying to get client certificate authentication going using
client certificates signed by a self-signed certificate authority
created with openssl. After getting a bunch of ‘400 The SSL certificate
error’ errors I put nginx in debug mode and saw the following:

2012/08/08 23:22:14 [info] 27556#0: *1 client SSL certificate verify
error: (18:self signed certificate) while reading client request
headers, client:, server: _, request: “GET /blah/
HTTP/1.1”, host: “

I see that error 18 when I try to verify the client cert with the CA
cert via openssl as well, but the verify still returns an ‘OK’ so it
seems like it’s more of a warning. Would that lead to the 400 error
that my client is seeing? If so, is there anyway to get nginx to accept
certificates signed by a self-signed CA?

I’m running nginx 1.1.19 on Ubuntu 12.04. Let me know if there’s any
other info you might need - thanks!

Michael Barrett
[email protected]