here is my config section on my nginx.conf
...
ssl_client_certificate /usr/local/nginx2/conf/ca.crt;
ssl_verify_client on;
...
I used "cat clientxxx.crt >> /usr/local/nginx2/conf/ca.crt " when I created a new .crt for a client, if the client total number is less than six, all works fine, but when I added more into ca.crt, the client's browser will say the following messages:
400 Bad Request
The SSL certificate error
Here is the error log for it at the same time:
/var/log/nginx/error.log
2016/04/14 23:53:10 [alert] 14193#0: *1062 ignoring stale global SSL error (SSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib) while waiting for request, client: 112.80.158.175, server: 0.0.0.0:9983
I appreciate your idea and solution.
Thanks
Simon
