Forum: NGINX multiple CAs in ssl_client_certificate does not work for me

2974d09ac2541e892966b762aad84943?d=identicon&s=25 brunoa (Guest)
on 2014-04-03 13:10
(Received via mailing list)
Hello,

I've seen from the doc and from this post
(http://forum.nginx.org/read.php?2,229129,229132#msg-229132) that it is
possible to specify multiple CAs in ssl_client_certificate directive.

I have nginx version 1.1.19.

here is my config:

server {
    listen 443;
    server_name mydomain.com;

    root /usr/share/nginx/www;
    ssl on;
    ssl_certificate /etc/ssl/selfsigned/myssl.crt;
    ssl_certificate_key /etc/ssl/selfsigned/myssl.key;

    ssl_client_certificate /etc/ssl/ca.pem;
    ssl_verify_depth 3;

    ssl_verify_client on;

    ssl_ciphers ALL:!ADH:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/www;
    }

}

The ca.pem file contains 2 certificates:
# cat ca.pem
-----BEGIN CERTIFICATE-----
<content of 1st certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<content of 2nd certificate>
-----END CERTIFICATE-----
#

As far as I can see, the first certificate is checked, but apparently
the
2nd isn't.

Any idea how I can troubleshoot that ?

Thanks,
bruno

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,248955,248955#msg-248955
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.