How to use ssl_verify_client=ON on one virtual server and ssl_verify_client=OFF on another?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Alexander Artemenko on Server Fault See other posts from Server Fault or by Alexander Artemenko
Published on 2011-11-02T12:00:12Z Indexed on 2012/11/07 23:03 UTC
Read the original article Hit count: 275

Filed under:
|
|
|

I want to force ssl client verification for on of my virtual hosts. But get "No required SSL certificate was sent" error, trying to GET something from it.

Here are my test configs:

# defaults                                                                                                                                                                    
ssl_certificate /etc/certs/server.cer;                                                                                                                                 
ssl_certificate_key /etc/certs/privkey-server.pem;                                                                                                                     
ssl_client_certificate /etc/certs/allcas.pem;                                                                                                                                 

server {                                                                                                                                                                      
    listen 1443 ssl;                                                                                                                                                          
    server_name server1.example.com;                                                                                                                                          
    root /tmp/root/server1;                                                                                                                                                   

    ssl_verify_client off;                                                                                                                                                    
}                                                                                                                                                                             

server {                                                                                                                                                                      
    listen 1443 ssl;                                                                                                                                                          
    server_name server2.example.com;                                                                                                                                          
    root /tmp/root/server2;                                                                                                                                                   

    ssl_verify_client on;                                                                                                                                                     
}

First server replies with 200 http code, but second returns "400 Bad Request, No required SSL certificate was sent, nginx/1.0.4".

Probably, it is implossible to use ssl_verify_client on the same IP? Should I bind these servers to different IPs, will it solve my problem?

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about nginx

Related posts about webserver

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle