Forum: NGINX SSL Authentication: $ssl_client_verify

Bb7e85832e0110214043a8726ad70a76?d=identicon&s=25 Dustin Oprea (Guest)
on 2014-05-16 06:39
(Received via mailing list)
I have the following server configuration for client-authentication:

    ssl on;
    ssl_certificate     /.../certificate.pem;
    ssl_certificate_key /.../private.pem;

    ssl_client_certificate /.../ca_cert.pem;
    ssl_verify_client on;
    ssl_verify_depth 1;

It looks like I get a "Bad Request" (400) when I use a certificate
signed
by a different CA. So, what's the point of the ssl_client_verify
variable?

From Nginx's SSL module documentation (
http://nginx.org/en/docs/http/ngx_http_ssl_module.html):

    $ssl_client_verify

    returns the result of client certificate verification: “SUCCESS”,
“FAILED”, and “NONE” if a certificate was not present;



Dustin
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-05-16 13:05
(Received via mailing list)
Hello!

On Fri, May 16, 2014 at 12:37:44AM -0400, Dustin Oprea wrote:

> It looks like I get a "Bad Request" (400) when I use a certificate signed
> by a different CA. So, what's the point of the ssl_client_verify variable?
>
> From Nginx's SSL module documentation (
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html):
>
>     $ssl_client_verify
>
>     returns the result of client certificate verification: “SUCCESS”,
> “FAILED”, and “NONE” if a certificate was not present;

Answer was already given to your previous message 4 days ago, see
here:

http://mailman.nginx.org/pipermail/nginx/2014-May/...

--
Maxim Dounin
http://nginx.org/
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.