Hi there,

I'm trying to set up reverse proxy server with client authentication.

--- Environment ---
My CA is 2 tier.
Root CA - intermediate CA - Client Certificate.

--- Problem Discripton ---
When I accessed proxy server from laptop pc,
only the correct client certificate was suggested,
and authenticate successfully.

But when I accessed proxy server from android phone,
ALL installed client certificate was suggested,
and if I choose *wrong client certificate authenticate successfully.

*wrong client certificate : certificate that Root CA is same but intermediate CA is different,


My nginx configuration is as follows.
------------------------

ssl on;
ssl_certificate cert/servercert;
ssl_certificate_key cert/serverkey;

ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;

ssl_verify_client on;
ssl_verify_depth 2;
ssl_client_certificate cert/intermediate.cert;
ssl_trusted_certificate cert/intermediate_and_root.cert;

--- END

Best Regards,
atsushi