Hello everyone. I'm setting up an internal web server that will accept requests from other systems (mostly enterprise-ish something) authenticated with client certificates.
We've successfully configured interaction with two of these systems (all with mutual TLS), and when we pointed another one at this server we got the following message in the error.log (log level for the error log is set to debug):

    2016/06/16 18:07:55 [info] 21742#0: *179610 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.117.252.168, server: 0.0.0.0:8443

What can cause this message? How can we debug it?

Our setup is: Red Hat Enterprise Linux 7.1, Nginx 1.8.0 compiled from source and run as an unprivileged user; internet is not available, and root or sudo access is not available either.

Requests from other systems are handled well.

The SSL configuration in nginx.conf is as follows:

    ssl_certificate /home/strela/ssl/strela.crt;
    ssl_certificate_key /home/strela/ssl/strela.key;
    ssl_client_certificate /home/strela/ssl/client-ca.crt; # Both root and intermediate certs which signed client certs are included in this file
    ssl_verify_client on;
    ssl_verify_depth 2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

Thank you in advance, please ask for any additional info if required.

With best regards, Andrey Novikov.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
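
An added example, not part of the original post or of nginx: a small decoder for nginx "SSL_do_handshake() failed" log lines that unpacks the OpenSSL error code and reports whether the failure is a TLS alert received from the peer. It assumes the error-code layout used by OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason), in which reason codes of 1000 + N mean alert N was read from the other side; for the line in the post that is alert 42 (bad_certificate) sent by the client at 10.117.252.168, which a client sends when it does not accept the certificate the server presented. The function name and the second sample line are constructed for illustration.

```python
import re

# TLS alert descriptions from RFC 5246 section 7.2 (subset covering certificate problems)
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca", 51: "decrypt_error"}

LINE_RE = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:)]*)"
    r"(?::SSL alert number (?P<alert>\d+))?\)"
    r".*?client: (?P<client>[^,\s]+), server: (?P<server>\S+)")

def decode_handshake_error(line):
    """Decode one nginx handshake-failure log line; return None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    # Assumption: pre-3.0 OpenSSL packing, lib << 24 | func << 12 | reason
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # Reasons 1000..1255 are raised when a fatal alert is read from the peer
    alert = reason - 1000 if 1000 <= reason < 1256 else None
    return {
        "client": m.group("client"), "server": m.group("server"),
        "lib": lib, "func": func, "reason": reason,
        "function": m.group("func"), "text": m.group("reason"),
        "alert": alert,
        "alert_name": TLS_ALERTS.get(alert, "unknown") if alert is not None else None,
        # nginx is the TLS server here, so "peer" is the connecting client
        "alert_from": "peer" if alert is not None else None,
    }

SAMPLE_LINES = [
    # Log line quoted in the post
    "2016/06/16 18:07:55 [info] 21742#0: *179610 SSL_do_handshake() failed (SSL: "
    "error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:"
    "SSL alert number 42) while SSL handshaking, client: 10.117.252.168, server: 0.0.0.0:8443",
    # Constructed line: a local failure with no alert received
    "2016/06/16 18:09:01 [info] 21742#0: *179611 SSL_do_handshake() failed (SSL: "
    "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number) "
    "while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:8443",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(decode_handshake_error(sample))
```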