Re: $ssl_client_verify not working?

Igor Sysoev Thu, 14 Apr 2016 12:09:35 -0700

On 13 Apr 2016, at 03:01, Ramon_Ali <nginx-fo...@forum.nginx.org> wrote:


> Hi, i was wanting to return a 403 when invalid client certificate submitted,
> however Nginx 1.9.6 returning 400 Bad Request, The SSL Certificate Error.
> Seems to return 403 fine when no certificate is submitted, but any clues on
> getting it to return a 403 work when invalid (signed by unauthorised CA)
> certificate submitted.
> 
> Nginx server block - 
> 
>    server {
>       listen       443 ssl;
>       server_name  server.com;
> 
>       ssl_certificate   /etc/nginx/server.crt;
>       ssl_certificate_key  /etc/nginx/server.key;
> 
>       ssl_client_certificate  /etc/nginx/client_ca.crt;
>       ssl_verify_client optional;
>       ssl_verify_depth 2;
> 
>       if ($ssl_client_verify != SUCCESS ) {
>       return 403;
>       }

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors

error_page  495  496  =403  /403.html;


-- 
Igor Sysoev
http://nginx.com

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: $ssl_client_verify not working?

Reply via email to