Welcome! Log In Create A New Profile

Advanced

Re: Nginx ssl_trusted_certificate directive problem

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
June 17, 2019 10:08AM
Hello!

On Fri, Jun 14, 2019 at 06:09:22AM -0400, niegus wrote:

> Hi,
>
> I have my nginx configured with client_certificate authentication:
>
> ssl_client_certificate /etc/nginx/ssl/cas.pem;
> ssl_verify_client optional;
> ssl_verify_depth 2;
> And is working fine, but I need to NOT send the CAs to the client during the
> handshake.
>
> I've seen
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
> in the documentation. So, I've changed it to:
>
> ssl_trusted_certificate /etc/nginx/ssl/cas.pem;
> ssl_verify_depth 2;
>
> But now ssl_client_verify is always to NONE, and actually I saw in wireshark
> that the client is not sending the certificate.
>
> What am I doing wrong?

For the client certificate authentication to work, you have to
configure ssl_verify_client, and ssl_client_certificate with at
least one certificate (unless you are using "ssl_verify_client
optional_no_ca;"). Any certificates specified in
ssl_trusted_certificate will be additionally trusted, but you
still have to specify at least one certificate in
ssl_client_certificate.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Nginx ssl_trusted_certificate directive problem

niegus June 14, 2019 06:09AM

Re: Nginx ssl_trusted_certificate directive problem

Maxim Dounin June 17, 2019 10:08AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 150
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready