Hello.
I am trying to implement a client certificate using nginx on Ubuntu 16.04.
In the Firefox browser, the error "400 Bad Request No required SSL certificate was sent" occurs.
To solve the above error, I am publishing everything from the development process and configuration tests.
1. Create client certificate files (openssl 1.0.2g)
openssl genrsa -des3 -out ca.key 2048  # pass: 1234
openssl req -new -key ca.key -out ca.csr -subj /C=KR/ST=Seoul/L=Guro-gu/O=company/CN=www.wemakeusa.com/emailAddress=company@wemakeusa.com
openssl x509 -req -days 1280 -in ca.csr -signkey ca.key -out ca.crt
openssl rsa -in ca.key -out ca_key.pem
--
openssl genrsa -des3 -out server.key 2048  # pass: 12345
openssl req -new -key server.key -out server.csr -subj "/C=KR/ST=Seoul/L=Guro-gu/O=req company/CN=www.wemakeusa.com/emailAddress=manager@wemakeusa.com"
openssl x509 -req -in server.csr -out server.crt -signkey server.key -CA ca.crt -CAkey ca.key -CAcreateserial -days 365
openssl rsa -in server.key -out server_key.pem
--
openssl genrsa -des3 -out client.key 2048  # pass: 123456
openssl req -new -key client.key -out client.csr -subj /C=KR/ST=Seoul/L=Guro-gu/O=Users/CN=www.wemakeusa.com/emailAddress=users@wemakeusa.com
openssl x509 -req -in client.csr -out client.crt -signkey client.key -CA server.crt -CAkey server.key -CAcreateserial -days 365
openssl rsa -in client.key -out client_key.pem
openssl pkcs12 -in client.crt -inkey client.key -export -out client.p12
2. Nginx configuration (1.10.0)
server {
    listen 443;
    ssl on;
    server_name www.wemakeusa.com;
    error_log /home/ubuntu/nginx-error.log debug;
    ssl_certificate /home/ubuntu/ssl-der/server.crt;
    ssl_certificate_key /home/ubuntu/ssl-der/server_key.pem;
    ssl_client_certificate /home/ubuntu/ssl-der/ca.crt;
    ssl_verify_client on;
    ssl_verify_depth 3;
    location / {
        root /var/www/wemakeusa.com;
        index index.html;
        if ($ssl_client_i_dn != "CN = company") {
            return 403;
        }
        if ($ssl_client_i_dn != "emailAddress=user@wemakeusa.com") {
            return 403;
        }
    }
}
3. SSL testing
https://www.ssllabs.com/ssltest/analyze.html?d=www.wemakeusa.com
4. Files to download for examination
http://www.wemakeusa.com/certificate_file.tar
I have registered p12 certificate and ca certificate in my Firefox browser, but I get "400 Bad Request".
I need help with tips on 'multiple user client certificate authentication' and solutions for the errors.
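
The following is an added example, not part of the original post: a shell script that issues several user certificates from one CA and checks each against that CA, next to one certificate issued by the server leaf instead, which is what step 1 does for client.crt by passing -CA server.crt. nginx sends the CA names from the ssl_client_certificate file to the client and verifies the client certificate against that file, so a certificate whose issuer is not in it fails this check. All subjects, file names and the www.example.test host are constructed for illustration.

```shell
#!/bin/sh
# Added example: every name, subject and path below is constructed.

# build_pki DIR: create a test CA, a server leaf, two user certificates issued
# by the CA, and one certificate issued by the server leaf (the layout to avoid).
build_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    # Self-signed root: the file nginx is given in ssl_client_certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config pki.cnf \
        -extensions v3_ca -subj "/O=company/CN=Test Client CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    issue() {  # issue NAME SUBJECT SIGNER: NAME.crt signed by SIGNER.crt/.key
        openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "$2" \
            -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
        openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" \
            -CAcreateserial -days 30 -extfile pki.cnf -extensions v3_leaf \
            -out "$1.crt" 2>/dev/null
    }
    issue server "/O=company/CN=www.example.test" ca &&
    issue alice  "/O=Users/CN=alice" ca &&
    issue bob    "/O=Users/CN=bob"   ca &&
    issue carol  "/O=Users/CN=carol" server   # signed by a leaf, not by the CA
)

# chain_ok DIR NAME: succeeds only if NAME.crt verifies with ca.crt as the
# sole trust anchor and no intermediate certificate supplied.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" 2>/dev/null | grep -q ': OK$'
}

# issuer_of DIR NAME: print the issuer DN, the name a browser compares with
# the CA list the server advertises when it requests a client certificate.
issuer_of() {
    openssl x509 -in "$1/$2.crt" -noout -issuer
}
```

Running build_pki on an empty directory and then chain_ok for alice, bob and carol shows the two CA-issued certificates passing and the leaf-issued one failing; issuer_of shows the issuer name that differs between them.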