Hello,

I've seen from the doc and from this post (http://forum.nginx.org/read.php?2,229129,229132#msg-229132) that it is possible to specify multiple CAs in ssl_client_certificate directive.

I have nginx version 1.1.19.

here is my config:

server {
listen 443;
server_name mydomain.com;

root /usr/share/nginx/www;
ssl on;
ssl_certificate /etc/ssl/selfsigned/myssl.crt;
ssl_certificate_key /etc/ssl/selfsigned/myssl.key;

ssl_client_certificate /etc/ssl/ca.pem;
ssl_verify_depth 3;

ssl_verify_client on;

ssl_ciphers ALL:!ADH:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}

}

The ca.pem file contains 2 certificates:
# cat ca.pem
-----BEGIN CERTIFICATE-----
<content of 1st certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<content of 2nd certificate>
-----END CERTIFICATE-----
#

As far as I can see, the first certificate is checked, but apparently the 2nd isn't.

Any idea how I can troubleshoot that ?

Thanks,
bruno