SSL client verification with chained CA

Marcin Deranek
October 30, 2012 06:18AM
Hi,

So far we were able to run nginx (1.0.x & 1.2.x) with SSL client
verification enabled where certs were signed by a single root CA:

ssl on;
ssl_certificate server_cert_signed_by_CA.pem;
ssl_certificate_key server_key.pem;
ssl_client_certificate ca_cert.pem;
ssl_verify_client optional;

Now we would like to introduce chained CAs:

root CA -> intermediate CA -> client cert

so nginx should be able to verify client certificates which are signed
by the intermediate CA. Unfortunately I was not able to make it work (I see
that development version 1.3.x has some additional options which would
suggest that this setup can work with it). Is this setup possible with
nginx 1.2.x?
Some other people had an identical problem:
http://stackoverflow.com/questions/8431528/nginx-ssl-certificate-authentication-signed-by-intermediate-ca-chain

SSL module documentation (http://wiki.nginx.org/HttpSslModule)
mentions that SSL module "supports checking client certificates with two
limitations" whereas the 2nd limitation seems to be related to the server
certificate rather than the client certificate. Is this bad wording or am
I missing something there?

Regards,

Marcin
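
For reference, an added example that is not part of the original post or of the nginx project's own documentation: a server-context fragment in which both CA certificates are trusted and the verification depth is raised to cover the root CA -> intermediate CA -> client cert chain described above. The file names ca_chain.pem, intermediate_ca.pem and root_ca.pem are hypothetical.

```nginx
# Added example; ca_chain.pem and the CA file names below are hypothetical.
ssl on;
ssl_certificate         server_cert_signed_by_CA.pem;
ssl_certificate_key     server_key.pem;

# ca_chain.pem holds the intermediate CA certificate followed by the
# root CA certificate, both in PEM format, for example built with:
#   cat intermediate_ca.pem root_ca.pem > ca_chain.pem
ssl_client_certificate  ca_chain.pem;

# ssl_verify_depth defaults to 1. A limit of 2 covers a chain with one
# intermediate CA between the client certificate and the root CA.
ssl_verify_depth        2;

# With "optional", requests that present no certificate are still served.
# $ssl_client_verify is SUCCESS for a verified chain and NONE when no
# certificate was sent, so access decisions should test that variable.
ssl_verify_client       optional;
```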
