Hi,
I configured my nginx with openssl as below:
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate <Combined Server certificate and Root CA
certificate>
ssl_certificate_key
ssl_client_certificate
ssl_verify_client on;
ssl_verify_depth 3;
ssl_session_cache shared:SSL:64k;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
}
From client code I am sending client certificate as bellow
RootCA → IntermediateCA → Client
By using curl :
curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, “PEM”);
curl_easy_setopt(curl,CURLOPT_SSLCERT,“ClientCom.crt”); // This
file
having three certificates
if (pPassphrase)
curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);
curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"ClientKey.pem");
curl_easy_setopt(curl,CURLOPT_CAINFO,"RootCA.crt");
My Server Code: As soon as nginx server gets any request from client,
below
call would be triggered from my Server as below.
ReadTLSSessionData (FCGX_Request *request)
{
FCGX_GetParam(“SSL_CLIENT_RAW_CERT”, request->envp);
FCGX_GetParam(“SSL_CLIENT_CERT”, request->envp);
}
Here I am receiving only one certificate from these environmental
variables.
But, I want to read all three certificates which client sending in PEM
format. Then I have to verify the extensions.
What is the environmental variable which gives all certificates from
client???
Below is my fastcgi.conf file:
fastcgi_param SSL_CLIENT_CERT $ssl_client_cert;
fastcgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert;
fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
fastcgi_param SSL_CLIENT_I_DN $ssl_client_i_dn;
fastcgi_param SSL_CLIENT_SERIAL $ssl_client_serial;
Can anybody help me in this aspect!!!
Regards,
Sravana
Posted at Nginx Forum: