Multiple CAs in ssl_client_certificate does not work for me

musicdenotation · April 3, 2014, 1:10pm

Hello,

I’ve seen from the doc and from this post
(Re: Does Nginx allow to specify multiple root certificates for client certificate verification?) that it is
possible to specify multiple CAs in ssl_client_certificate directive.

I have nginx version 1.1.19.

here is my config:

server {
listen 443;
server_name mydomain.com;

root /usr/share/nginx/www;
ssl on;
ssl_certificate /etc/ssl/selfsigned/myssl.crt;
ssl_certificate_key /etc/ssl/selfsigned/myssl.key;

ssl_client_certificate /etc/ssl/ca.pem;
ssl_verify_depth 3;

ssl_verify_client on;

ssl_ciphers ALL:!ADH:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/www;
}

}

The ca.pem file contains 2 certificates:

cat ca.pem

-----BEGIN CERTIFICATE-----
<content of 1st certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<content of 2nd certificate>
-----END CERTIFICATE-----

As far as I can see, the first certificate is checked, but apparently
the
2nd isn’t.

Any idea how I can troubleshoot that ?

Thanks,
bruno

Posted at Nginx Forum: