0
I was setting up a mutual authentication in nginx and generated certificates from "Let's Encrypt".
Server side SSL is working fine.
But after enabling the client side certificate verification, it gives the following error in the nginx debug error message:
client SSL certificate verify error: (2:unable to get issuer certificate) while reading client request headers, client: 192.168.15.34, server: srtimsina.com, request: "GET / HTTP/1.1", host: "srtimsina.com"
Suryaraj Timsina
Posted 2019-09-23T09:49:01.890
Reputation: 1
Do you know what client certificate verification is? Did your client actually provide a valid certificate? Have you checked everything with openssl s_client? Read https://stackoverflow.com/questions/17203562/openssl-s-client-cert-proving-a-client-certificate-was-sent-to-the-server for other hints.
– Nikita Kipriyanov – 2019-09-23T09:57:40.240Who was the issuer of the client cert your web client submitted in its authentication request? That is, what CA signed the client's cert? Did you tell nginx to trust that CA when verifying client certs? Did you store that CA's cert somewhere that nginx can find and use it? – Spiff – 2019-09-23T16:32:06.820