Re: Accepting Multiple TLS Client Certificates

Francis Daly
June 25, 2019 06:28PM
On Mon, Jun 24, 2019 at 04:58:48PM +0200, Johannes Gehrs wrote:

Hi there,

> as per our understanding one can provide a file with multiple certificates
> as "ssl_client_certificate". Nginx would then accept any one of the
> certificates.

http://nginx.org/r/ssl_client_certificate has slightly different
words for what it does. It also refers to the "ssl_verify_client" and
"ssl_trusted_certificate" directives.

> In our test case we provided a chain of two certificates, a root cert and
> the client certs signed by this CA. We tried both, concatenating the files
> like this: "user1 user2 ca" and like this "user1 ca user2 ca". In all cases
> just the first certificate was accepted.
>
> Are we misunderstanding the expected behaviour of nginx, or is this a bug,
> or are we maybe doing something wrong?

Can you provide a config that shows the problem that you report?

From your description, only the ca cert needs to be in the file; but
I think that including the other certs should not break anything. Can
you tell, are there the expected newlines in the file, between the certs?

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
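
Added example, not part of the original post and not code from the nginx project: a small Python check for the question raised above about whether the expected newlines are present between the certificates in a concatenated PEM file. The function name `check_pem_bundle` and the sample data are assumptions made for illustration; the certificate bodies are constructed placeholders, not real certificates.

```python
import re

MARKER = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")

def check_pem_bundle(text):
    """Return (complete_blocks, problems) for a concatenated PEM file."""
    problems, inside, complete = [], False, 0
    for n, raw in enumerate(text.splitlines(), 1):
        kinds = MARKER.findall(raw)
        if not kinds:
            continue
        # A boundary marker must be the only thing on its line.
        if len(kinds) > 1 or raw.strip() != f"-----{kinds[0]} CERTIFICATE-----":
            problems.append(f"line {n}: marker is not alone on its line")
        for kind in kinds:
            if kind == "BEGIN":
                if inside:
                    problems.append(f"line {n}: BEGIN before previous END")
                inside = True
            elif inside:
                inside, complete = False, complete + 1
            else:
                problems.append(f"line {n}: END without BEGIN")
    if inside:
        problems.append("end of file: last certificate has no END line")
    return complete, problems

# Constructed sample data: the bodies are placeholders, not real certificates.
BODY = "MIIBplaceholderAAAA\nBBBBplaceholderCCCC"

def block(newline=True):
    pem = f"-----BEGIN CERTIFICATE-----\n{BODY}\n-----END CERTIFICATE-----"
    return pem + ("\n" if newline else "")

GOOD = block() + block()
# What "cat a.pem b.pem" produces when a.pem has no trailing newline.
GLUED = block(newline=False) + block()

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("glued", GLUED)):
        print(name, check_pem_bundle(data))
```

To check a real file, pass its contents, for example `check_pem_bundle(open(path).read())`, and compare the returned count with the number of certificates you expect the file to hold.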