On Tue, Mar 21, 2023 at 07:02:23PM -0400, PGNet Dev wrote:
> > What does the error_log say about this request and response?

> 2023/03/21 18:52:14 [info] 4955#4955: *7 client SSL certificate verify error: certificate status request failed while reading client request headers, client: 2401::...::1, server: example.com, request: "GET / HTTP/2.0", host: "example.com"

That'll be why nginx blocks the access, at least -- the client cert is
not verified as good.

You have indicated that the client cert has:

Issuer: C = US, ST = NY, O = example.com, OU = example.com_CA, CN = example.com_CA_INT, emailAddress = ssl@example.com

Do you have the certificate that has that value as the Subject? What
is that certificate's Issuer? And repeat until you get to the root
certificate.

And which of the ssl*certificate files named in your config holds those certificates?

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx