Hello everyone.

I'm setting up an internal web server that will accept requests from
another systems (mostly enterprise-ish something) authenticated with
client certificates.

We've successfully configured interaction with two of these systems
(all with mutual TLS), and when pointed another one to this server
we've got next message in the error.log (log level for error log is
set to debug):

2016/06/16 18:07:55 [info] 21742#0: *179610 SSL_do_handshake() failed
(SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate:SSL alert number 42) while SSL handshaking, client:
10.117.252.168, server: 0.0.0.0:8443

What can cause this message? How to debug it?

Our setup is: Red Hat Enterprise Linux 7.1, Nginx 1.8.0 compiled from
sources and run from unprivileged user, internet not available, root
or sudo access not available too.

Requests from other systems handled well.

SSL configuration in nginx.conf as follows:

ssl_certificate /home/strela/ssl/strela.crt;
ssl_certificate_key /home/strela/ssl/strela.key;
ssl_client_certificate /home/strela/ssl/client-ca.crt; // Both
root and intermediate certs which signed client certs are included in
this file
ssl_verify_client on;
ssl_verify_depth 2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

Thank you in advance, please ask for any additional info if required.

With best regards, Andrey Novikov.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx