Hi everyone,

I'm using nginx as a Proxy SSL front-end for an application, to encapsulate the security features that the application lacks. The site has to authenticate users with a personal certificate. Everything works fine, execpt the case when the user doesn't send the client certificate. In that case a 400 error is generated with the message "No required SSL certificate was sent". But I cannot change the standard page because the site requires the client certificate.

Any idea on how to do this?

Regards

Hi,

I have been able to work arround this issue by setting the option "ssl_verify_client" to "optional" instead of "on". After this I used an if statement for checking the variable "$ssl_client_verify" on its value being "NONE" (meaning no valid SSL certificate had been provided). This statement being true, you can redirect your visitors to another url. Otherwise they will continue running the rest of the server code.

In config code this looks like the following:

server {
listen 0.0.0.0:443 ssl;
ssl on;
server_name myserver.mydomain.com;
ssl_certificate_key /my/path/to/my/certificate.key;
ssl_certificate /my/path/to/my/certificate.pem;
ssl_client_certificate /my/path/to/my/ca.crt;
ssl_verify_client optional;
root /my/path/to/my/root/html;

if ($ssl_client_verify = NONE) {
return 303 http://errors.mydomain.com/400.html;
}

location / {
(whatever you want to show your verified visitors);
}
}

Please let me now if this worked for you.

Greetz!