On 13 Apr 2016, at 03:01, Ramon_Ali <nginx-forum@forum.nginx.org> wrote:

> Hi, i was wanting to return a 403 when invalid client certificate submitted,
> however Nginx 1.9.6 returning 400 Bad Request, The SSL Certificate Error.
> Seems to return 403 fine when no certificate is submitted, but any clues on
> getting it to return a 403 work when invalid (signed by unauthorised CA)
> certificate submitted.
>
> Nginx server block -
>
> server {
> listen 443 ssl;
> server_name server.com;
>
> ssl_certificate /etc/nginx/server.crt;
> ssl_certificate_key /etc/nginx/server.key;
>
> ssl_client_certificate /etc/nginx/client_ca.crt;
> ssl_verify_client optional;
> ssl_verify_depth 2;
>
> if ($ssl_client_verify != SUCCESS ) {
> return 403;
> }

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors

error_page 495 496 =403 /403.html;


--
Igor Sysoev
http://nginx.com

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx