Has anyone configured ssl_crl? Why does the client get a 400 status code error after I configure it? #613

Open
LRblazer opened this issue Jun 6, 2024 · 1 comment

Comments

LRblazer commented Jun 6, 2024

Asking the experts here for help.

Homqyy commented Jun 28, 2024

This occurs because nginx needs to have CRLs for every certificate that's mentioned in the ssl_client_certificate cert chain, including the root CA's CRL.

I hit this myself when I created root and intermediate CAs in order to generate certs for intranet sites. When I configured nginx to use SSL client authentication, I only used the CRL from our intermediate CA. nginx needs to see the CRL for every certificate in the chain, including the intermediate CA, to make sure that the intermediate CA's certificate hasn't been revoked by the root. Concatenating the root CRL onto the intermediate CRL fixed the issue.
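
Added example (not part of the comment above and not the project's own configuration): an nginx server block for the setup the comment describes, with the intermediate-only `ssl_crl` that produces the 400 beside the concatenated CRL file. The server name, all file paths and the CRL file names are assumptions.

```nginx
server {
    listen 443 ssl;
    server_name intranet.example;                     # assumed name

    ssl_certificate     /etc/nginx/tls/server.crt;    # assumed paths
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA certificates used to verify client certificates:
    # intermediate CA followed by root CA, both PEM, in one file.
    ssl_client_certificate /etc/nginx/tls/ca-chain.pem;
    ssl_verify_client      on;
    ssl_verify_depth       2;      # client cert -> intermediate -> root

    # Before (clients get 400): only the CRL issued by the intermediate CA.
    # The intermediate CA's own certificate cannot be checked against
    # the root's CRL, so verification of the chain fails.
    # ssl_crl /etc/nginx/tls/intermediate.crl.pem;

    # After: one PEM file with a CRL from every CA in ca-chain.pem, built with
    #   cat intermediate.crl.pem root.crl.pem > crl-chain.pem
    ssl_crl /etc/nginx/tls/crl-chain.pem;

    # Client certificate verification failures are logged at "info" level,
    # e.g. "client SSL certificate verify error: (3:unable to get certificate CRL)".
    error_log /var/log/nginx/error.log info;

    # The same chain and CRL file can be checked outside nginx with:
    #   openssl verify -crl_check_all -CAfile ca-chain.pem \
    #       -CRLfile crl-chain.pem client.crt
}
```

nginx reads the `ssl_crl` file when the configuration is loaded, so the concatenated file has to be rebuilt and nginx reloaded each time either CA issues a new CRL.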
