The only way I was able to accept both certs but use the one or the
other in the vhost was to bundle the certs and distinguish by issuer dn,
see:
https://github.com/resmo/nginx-ssl_client_certificate-limit/pull/1
This works as expected, but feels kind of a hack. Any other suggestions?
On 14.01.21 21:29, Rene Moser wrote:
Hi
I have a hard time with ssl_client_certificate.
I try to use vhosts with 2 separated CA in ssl_client_certificate
configs but I was not able to do it as expected. The later
ssl_client_certificate was not taken in effect and even more unexpected
I was able to use the first client cert to auth in the seconds vhost.
To show the limitation, I created a reproducer:
https://github.com/resmo/nginx-ssl_client_certificate-limit
Please tell me I did something terribly wrong.
Regards
René
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
