Hello! On Thu, Dec 11, 2014 at 02:03:35PM -0500, sandeepkolla99 wrote:
> Hi, > My Nginx is setup for Mutual SSL and it works well for the below nginx > configuration. > Hierarchy of certificates is RootCA > ******************************** | > ******************************** V > ************************** IntermediateCA > ******************************** | > ******************************** V > ***********************ClientCert ServerCert > > listen 80; > listen 443 ssl; > server_name localhost; > > ssl_certificate serverCert.pem; > ssl_certificate_key serverKey.key; > ssl_client_certificate RootCA.pem; > ssl_verify_client on; > ssl_verify_depth 2; > > But If I add 'ssl_crl RootCACRL.pem' or 'ssl_crl IntermediateCRL.pem' to > above configuration, I see the below error. By the way, RootCACRL.pem and > IntermediateCRL.pem files doesn't have any revoked certificates. > > 400 Bad Request > > The SSL certificate error > > nginx/1.6.2 The "ssl_crl" should contain CRLs for all certificates in the chain, that is, both RootCA and IntermediateCA in your case. There should be a message in the error log (at "info" level) explaining what's wrong. Just combining IntermediateCRL.pem and RootCACRL.pem into a single file and using it in the "ssl_crl" directive should fix this. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
