我有两个Nginx服务器,分别为server1和server2。server1需要客户端 SSL 验证。而server2将所有请求代理到server1。
问题在于,当我直接从server1访问我的服务时,浏览器会要求我的客户证书并且它可以正常工作。
但是从server2访问时,它总是显示错误“400 Bad Request. No required SSL certificate was sent”。 server1的 Nginx 配置如下:
问题在于,当我直接从server1访问我的服务时,浏览器会要求我的客户证书并且它可以正常工作。
但是从server2访问时,它总是显示错误“400 Bad Request. No required SSL certificate was sent”。 server1的 Nginx 配置如下:
server {
listen 443;
server_name server1 ;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
ssl_verify_client on;
ssl_verify_depth 1;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://some-service;
}
}
server2的nginx配置如下:
server {
listen 443 default_server;
server_name server2;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/client_keys/keys.crt;
location / {
proxy_pass https://server1;
}
}