How to use ssl_verify_client=ON on one virtual server and ssl_verify_client=OFF on another?
Posted
by
Alexander Artemenko
on Server Fault
See other posts from Server Fault
or by Alexander Artemenko
Published on 2011-11-02T12:00:12Z
Indexed on
2012/11/07
23:03 UTC
Read the original article
Hit count: 307
I want to force ssl client verification for on of my virtual hosts. But get "No required SSL certificate was sent" error, trying to GET something from it.
Here are my test configs:
# defaults
ssl_certificate /etc/certs/server.cer;
ssl_certificate_key /etc/certs/privkey-server.pem;
ssl_client_certificate /etc/certs/allcas.pem;
server {
listen 1443 ssl;
server_name server1.example.com;
root /tmp/root/server1;
ssl_verify_client off;
}
server {
listen 1443 ssl;
server_name server2.example.com;
root /tmp/root/server2;
ssl_verify_client on;
}
First server replies with 200 http code, but second returns "400 Bad Request, No required SSL certificate was sent, nginx/1.0.4".
Probably, it is implossible to use ssl_verify_client on the same IP? Should I bind these servers to different IPs, will it solve my problem?
© Server Fault or respective owner