Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Client sent no required SSL certificate while reading client request headers
- To: nginx-ru@xxxxxxxxx
- Subject: Client sent no required SSL certificate while reading client request headers
- From: Vladislav Vorobiev <mymir.org@xxxxxxxxxxxxxx>
- Date: Thu, 24 Mar 2011 04:14:03 +0000
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=ugybfOuxIhwJTLcUPrBcrgBf2+OttEoONZAam00ZJ70=; b=YacR99Nywis6+ZexHMWGNg6npvolaRLYK0JbPKcGdr39wlhzhnNZnQcIJ52KZS9vT1 4BZzblUJwLY5bTfAir4JRLe0Se1TiIfiVZLdK9woWPmAWStXwDpxUVjAVRMplJrOM+g8 EUcUQtInfy7eNMGEIUVLexZoSmWpgrtcIty6I=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=sHWrmL0fs1qBpFWzXHPXW7ig6xkd90AVu6iQJs/kPEbbHPuX2Z6/gEmu+WW25pAQDN oQfVUarUZMqEg7SB7e0DlWhIN/QFW3AO2j5gjms+rVMUzMpRCHBN01Z6JlCQd5mSMHKj W18+hjLtt1H68nIjzo0e3OqJdeLgxlFEP8q2k=
Я тут как то уже писал по этому поводу но так и не удалось до конца
решить проблему.
http://forum.nginx.org/read.php?21,171296
Конфиг такой
ssl on;
ssl_certificate /etc/apache2/ssl/name.crt;
ssl_certificate_key /etc/apache2/ssl/key.key;
ssl_client_certificate /etc/apache2/ssl/thawte_ca.crt;
ssl_verify_client optional;
ssl_verify_depth 2;
Если стоит
ssl_verify_client optional;
То при первом заходе в Windows 7 показывается сообщение
Windows Security
No certificate available
No certificates available meet application crit...
Click ok to continue.
В Safari тоже самое, Firefox и Google съедают.
Если изменить
ssl_verify_client on;
То и в Firefox
400 Bad Request
No required SSL certificate was sent
nginx/0.9.3
а в error_log info;
7576#0: *1081 client sent no required SSL certificate while reading
client request headers, client: 66.249.71.xx, server: laalamaster.de,
request: "GET /url HTTP/1.1", host: "www.myhost.com"
thawte_ca.crt имеет два сертификата, файл выглядит так:
-----BEGIN CERTIFICATE-----
MIIEjzCCA3egAwIBAgIQdhASihe2grs6H50amjXAkjANBgkqhkiG9w0BAQUFADCB
....................
2/lPL0ActI5HImG4TJbe8F8Rfk8R2exQRyIOxR3iZEnnaGNFOorZcfRe8W63FE0+
bxQe3FL+vN8MvSk/dvsRX2hoFQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIERTCCA66gAwIBAgIQM2VQCHmtc+IwueAdDX+skTANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
........
95OBBaqStB+3msAHF/XLxrRMDtdW3HEgdDjWdMbWj2uvi42gbCkLYeA=
-----END CERTIFICATE-----
В чем все-же может быть проблема? Подскажите пожалуйста.
--
Best Regards
Vlad Vorobiev
_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru
|