Hi,
I am about to use SSL module of Nginx. By compared with apache2
mod_ssl, its option SSLVerifyClient'', allow used in server config, virtual host, directory. In Nginx,
ssl_verify_client’’ only allow
main and server sector. Apache SSLVerifyClient also support 4 levels
to verify client certificate, none, optional, require, optional_no_ca''. The
optional’’ level is very usable, I hope Nginx
can support. And also support ``ssl_verify_client’’ in directory
sector.
By the way, there is another question about SSL module.
I created one Root CA Certificate, one Intermediate CA Certificate (
Signed by Root CA. So it’s chain certificate, isn’t it? ). Then I
create one server certificate and one user certificate signed by
Intermediate CA, server certificate is used for Nginx SSL.
From Nginx english wiki/document, ``cat chain.crt >> mysite.com.crt’’,
I found that, I havn’t done it, but Nginx SSL work fine.
And I must define ssl_client_certificate to use Root CA Certificate to
verify client ( also set ssl_verify_depth to 2) , I can’t use
Intermediate CA to verify client, is it true?
Regards.