How to use ssl_verify_client=ON on one virtual server and ssl_verify_client=OFF on another?

Posted by Alexander Artemenko on Server Fault
Published on 2011-11-02T12:00:12Z Indexed on 2012/11/07 23:03 UTC

I want to force SSL client verification for one of my virtual hosts, but I get a "No required SSL certificate was sent" error when trying to GET something from it.

Here are my test configs:

# defaults
ssl_certificate /etc/certs/server.cer;
ssl_certificate_key /etc/certs/privkey-server.pem;
ssl_client_certificate /etc/certs/allcas.pem;

server {
    listen 1443 ssl;
    server_name server1.example.com;
    root /tmp/root/server1;

    ssl_verify_client off;
}

server {
    listen 1443 ssl;
    server_name server2.example.com;
    root /tmp/root/server2;

    ssl_verify_client on;
}

The first server replies with a 200 HTTP code, but the second returns "400 Bad Request, No required SSL certificate was sent, nginx/1.0.4".

Probably, it is impossible to use ssl_verify_client on the same IP? Should I bind these servers to different IPs? Will it solve my problem?
