Hi, I am about to use SSL module of Nginx. By compared with apache2 mod_ssl, its option ``SSLVerifyClient'', allow used in server config, virtual host, directory. In Nginx, ``ssl_verify_client'' only allow main and server sector. Apache SSLVerifyClient also support 4 levels to verify client certificate, ``none, optional, require, optional_no_ca''. The ``optional'' level is very usable, I hope Nginx can support. And also support ``ssl_verify_client'' in directory sector. By the way, there is another question about SSL module. I created one Root CA Certificate, one Intermediate CA Certificate ( Signed by Root CA. So it's chain certificate, isn't it? ). Then I create one server certificate and one user certificate signed by Intermediate CA, server certificate is used for Nginx SSL. From Nginx english wiki/document, ``cat chain.crt >> mysite.com.crt'', I found that, I havn't done it, but Nginx SSL work fine. And I must define ssl_client_certificate to use Root CA Certificate to verify client ( also set ssl_verify_depth to 2) , I can't use Intermediate CA to verify client, is it true? Regards.
on 04.09.2008 04:33
