SSL client auth in nginx with multiple server section

Posted by Bastien974 on Server Fault See other posts from Server Fault or by Bastien974
Published on 2014-06-04T14:50:21Z Indexed on 2014/06/04 15:28 UTC
Read the original article Hit count: 264

Filed under:
|

I want to implement ssl_verify_client in nginx.

This works perfectly when I only have one server section, which listen to 443. In my case I have multiple, all listening on 443 but to different server_name.

For one particular server (proxy.mydomain.com), I'm adding the SSL client verify, but when I test the connectivity with openssl s_client -connect proxy.mydomain.com:443 -cert xxx.crt -key xxx.key and then do a

GET / HTTP/1.1
host: proxy.mydomain.com

It's not working, 400 No required SSL certificate was sent

I think nginx is not receiving the proper server_name and is directing it to the first server listening to 443.

So I tried to listen on another port and it worked right away.

What's the issue and how can I fix it ?

© Server Fault or respective owner

Related posts about nginx

Related posts about ssl