Welcome! Log In Create A New Profile

Advanced

RE: ssl client auth trouble

Reinis Rozitis
August 30, 2019 12:34PM
> When this is all done, and I import the p12 client certificate on my Windows PCs (tested 2) Chrome and Firefox show me the "400 Bad Request\n No required SSL certificate was sent". The very strange thing is IE11 on one of the two PCs, actually prompts me to use my newly-installed cert the first time, and it works. No other browser (including IE on a different PC) works.


Afaik Chrome uses Windows certificate store (and iirc as of FF49 there is an optional setting for firefox too) so if IE11 works it could be that rather than nginx configuration it is browser related.

For example - some time ago when I had to implement client certificate authentication myself one such caveat turned out to be how Chrome handles http2 - I had several virtualhosts, but client auth only for one domain and it randomly didn't work. When I inspected the http2 stream I noticed that if the resolved IP for the domain matched an existing connection Chrome happily reused/pipelined the request through it without sending the certificate.
When the particular domain was placed on a separate ip everything started to work as expected. While there might not be a technical issue for such behavior (not sure?) it wasn't very obvious at first.


I would suggest to share at least minimal nginx configuration snippet - it's hard to help without that.

Maybe try with ssl_verify_client optional_no_ca; - depending on how the client certificate was created/signed there might be intermediate CAs (not sure if you followed the guides directly about self-made CAs etc) and then the default ssl_verify_depth 1; would also fail at verification.
Also log if $ssl_client_s_dn / $ssl_client_escaped_cert actually contain anything.

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

ssl client auth trouble

aweber August 30, 2019 10:10AM

RE: ssl client auth trouble

Reinis Rozitis August 30, 2019 12:34PM

Re: ssl client auth trouble

aweber August 30, 2019 03:14PM

RE: ssl client auth trouble

Reinis Rozitis August 30, 2019 03:22PM

Re: ssl client auth trouble

j94305 August 30, 2019 06:58PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 64
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready