So far we were able to run nginx (1.0.x & 1.2.x) with SSL client
verification enabled where certs were signed by single root CA:
Now we would like to introduce chained CAs:
root CA -> intermediate CA -> client cert
so nginx should be able to verify client certificates which are signed
by intermediate CA. Unfortunately I was not able make it working (I see
that development version 1.3.x has some additional options which would
suggest that this setup can work with it). Is this setup possible with
nginx 1.2.x ?
Some other people had identical problem:
SSL module documentation (http://wiki.nginx.org/HttpSslModule)
mentions that SSL module “supports checking client certificates with two
limitations” whereas 2nd limitation seems to be related to server
cetificate rather than client certificate. Is this a bad wording or am
I missing something there ?