Our service uses 2-way ssl with our clients connecting to our systems. With each new client we add their intermediate and root CA chain to the concatenated certificates file used by ssl_client_certificate. We recently upgraded to 1.14.0 (and the included modules) and now some, but not all of our customers are unable to connect getting 400 errors. We've tried changing the order of the certificates in the concatenated file but that didn't help. It is happening across different certificate chains but not all. And all of them worked fine prior to the upgrade.
Has anyone else encountered this or is there something we should be doing different in how we set up these certificates?
Thanks