On Wed, Mar 22, 2023 at 08:48:50AM -0400, PGNet Dev wrote:

Hi there,

> > Do you have the certificate that has that value as the Subject? What
> > is that certificate's Issuer? And repeat until you get to the root
> > certificate.
> >
> > And which of the ssl*certificate files named in your config holds those certificates?
>
> i verified all my certs/chains. all good.

You verified things in your way, and saw they were good.

The nginx logs you provided indicated that nginx verified things in its
way, and saw they were not good.

It seems like you have a system that works for you now, and that is
good.

If you want to keep testing for another system, then based on what
you reported, and what you provided here, my guess is that your client
certificate does verify against whatever is in myCA.CHAIN.crt.pem,
and does not verify against whatever is in intermediate_ca.ec.crt.pem.

So I suspect that if you put the contents of those two files into a
single file, and then refer to that either as ssl_client_certificate or
as ssl_trusted_certificate, and do not use the other directive at all;
then things might work more like you want.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx