Lexa Software: Nginx-ru@sysoev.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: nginx-ru

Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Client sent no required SSL certificate while reading client request headers

To: nginx-ru@xxxxxxxxx
Subject: Client sent no required SSL certificate while reading client request headers
From: Vladislav Vorobiev <mymir.org@xxxxxxxxxxxxxx>
Date: Thu, 24 Mar 2011 04:14:03 +0000
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=ugybfOuxIhwJTLcUPrBcrgBf2+OttEoONZAam00ZJ70=; b=YacR99Nywis6+ZexHMWGNg6npvolaRLYK0JbPKcGdr39wlhzhnNZnQcIJ52KZS9vT1 4BZzblUJwLY5bTfAir4JRLe0Se1TiIfiVZLdK9woWPmAWStXwDpxUVjAVRMplJrOM+g8 EUcUQtInfy7eNMGEIUVLexZoSmWpgrtcIty6I=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=sHWrmL0fs1qBpFWzXHPXW7ig6xkd90AVu6iQJs/kPEbbHPuX2Z6/gEmu+WW25pAQDN oQfVUarUZMqEg7SB7e0DlWhIN/QFW3AO2j5gjms+rVMUzMpRCHBN01Z6JlCQd5mSMHKj W18+hjLtt1H68nIjzo0e3OqJdeLgxlFEP8q2k=

Я тут как то уже писал по этому поводу но так и не удалось до конца
решить проблему.

http://forum.nginx.org/read.php?21,171296

Конфиг  такой

ssl on;
ssl_certificate /etc/apache2/ssl/name.crt;
ssl_certificate_key /etc/apache2/ssl/key.key;
ssl_client_certificate /etc/apache2/ssl/thawte_ca.crt;
ssl_verify_client optional;
ssl_verify_depth 2;

Если стоит

ssl_verify_client optional;

То при первом заходе в Windows 7 показывается сообщение


Windows Security

No certificate available
No certificates available meet application crit...
Click ok to continue.

В Safari тоже самое, Firefox и Google съедают.

Если изменить

ssl_verify_client on;

То и в Firefox

400 Bad Request
No required SSL certificate was sent
nginx/0.9.3

а в error_log info;

7576#0: *1081 client sent no required SSL certificate while reading
client request headers, client: 66.249.71.xx, server: laalamaster.de,
request: "GET /url HTTP/1.1", host: "www.myhost.com"

thawte_ca.crt имеет два сертификата, файл выглядит так:

-----BEGIN CERTIFICATE-----
MIIEjzCCA3egAwIBAgIQdhASihe2grs6H50amjXAkjANBgkqhkiG9w0BAQUFADCB
....................
2/lPL0ActI5HImG4TJbe8F8Rfk8R2exQRyIOxR3iZEnnaGNFOorZcfRe8W63FE0+
bxQe3FL+vN8MvSk/dvsRX2hoFQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIERTCCA66gAwIBAgIQM2VQCHmtc+IwueAdDX+skTANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
........
95OBBaqStB+3msAHF/XLxrRMDtdW3HEgdDjWdMbWj2uvi42gbCkLYeA=
-----END CERTIFICATE-----

В чем все-же может быть проблема? Подскажите пожалуйста.

-- 
Best Regards
Vlad Vorobiev
_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru

Follow-Ups:
- Re: Client sent no required SSL certificate while reading client request headers
  - From: Alex Sergeyev
- Re: Client sent no required SSL certificate while reading client request headers
  - From: Andrew Kopeyko

Prev by Date: phpbb3 fastcgi_cache_key
Next by Date: Re: Странное поведение nginx н а 2 IP
Previous by thread: phpbb3 fastcgi_cache_key
Next by thread: Re: Client sent no required SSL certificate while reading client request headers
Index(es):
- Date
- Thread