SSL Authentication: $ssl_client_verify

I have the following server configuration for client-authentication:

ssl on;
ssl_certificate     /.../certificate.pem;
ssl_certificate_key /.../private.pem;

ssl_client_certificate /.../ca_cert.pem;
ssl_verify_client on;
ssl_verify_depth 1;

It looks like I get a “Bad Request” (400) when I use a certificate
signed
by a different CA. So, what’s the point of the ssl_client_verify
variable?

From Nginx’s SSL module documentation (
Module ngx_http_ssl_module):

$ssl_client_verify

returns the result of client certificate verification: “SUCCESS”,

“FAILED”, and “NONE” if a certificate was not present;

Dustin

Hello!

On Fri, May 16, 2014 at 12:37:44AM -0400, Dustin Oprea wrote:

It looks like I get a “Bad Request” (400) when I use a certificate signed
by a different CA. So, what’s the point of the ssl_client_verify variable?

From Nginx’s SSL module documentation (
Module ngx_http_ssl_module):

$ssl_client_verify

returns the result of client certificate verification: “SUCCESS”,

“FAILED”, and “NONE” if a certificate was not present;

Answer was already given to your previous message 4 days ago, see
here:

http://mailman.nginx.org/pipermail/nginx/2014-May/043552.html


Maxim D.
http://nginx.org/