
Client certificate authentication error


Client certificate authentication error

AjaySawant
Hello.
I am trying to implement a client certificate using nginx on Ubuntu 16.04.
In the Firefox browser, a "400 Bad Request No required SSL certificate was sent" error
occurs.

To solve the above error, I release everything for the development process
and configuration tests.

1. Create client certificate file (openssl 1.0.2g)


openssl genrsa -des3 -out ca.key 2048  (pass :  1234)

openssl req -new -key ca.key -out ca.csr -subj /C=KR/ST=Seoul/L=Guro-gu/O=company/CN=www.wemakeusa.com/emailAddress=[hidden email]

openssl x509 -req -days 1280 -in ca.csr -signkey ca.key -out ca.crt

openssl rsa -in ca.key -out ca_key.pem

--

openssl genrsa -des3 -out server.key 2048  (pass : 12345)

openssl req -new -key server.key -out server.csr -subj /C=KR/ST=Seoul/L=Guro-gu/O=req company/CN=www.wemakeusa.com/emailAddress=[hidden email]

openssl x509 -req -in server.csr -out server.crt -signkey server.key -CA ca.crt -CAkey ca.key -CAcreateserial -days 365

openssl rsa -in server.key -out server_key.pem

--

openssl genrsa -des3 -out client.key 2048  (pass : 123456)

openssl req -new -key client.key -out client.csr -subj /C=KR/ST=Seoul/L=Guro-gu/O=Users/CN=www.wemakeusa.com/emailAddress=[hidden email]

openssl x509 -req -in client.csr -out client.crt -signkey client.key -CA server.crt -CAkey server.key -CAcreateserial -days 365

openssl rsa -in client.key -out client_key.pem


openssl pkcs12 -in client.crt -inkey client.key -export -out client.p12



2. Nginx configuration (1.10.0)

server {
    listen        443;
    ssl on;
    server_name www.wemakeusa.com;

    error_log   /home/ubuntu/nginx-error.log debug;

    ssl_certificate      /home/ubuntu/ssl-der/server.crt;
    ssl_certificate_key  /home/ubuntu/ssl-der/server_key.pem;
    ssl_client_certificate /home/ubuntu/ssl-der/ca.crt;
    ssl_verify_client on;
    ssl_verify_depth 3;

    location / {
        root           /var/www/wemakeusa.com;
        index index.html;
        if ($ssl_client_i_dn != "CN = company") {
            return 403;
        }
        if ($ssl_client_i_dn != "emailAddress=[hidden email]") {
            return 403;
        }
    }
}


3. SSL testing

https://www.ssllabs.com/ssltest/analyze.html?d=www.wemakeusa.com



4. Download files for exams

http://www.wemakeusa.com/certificate_file.tar



I have registered p12 certificate and ca certificate in my Firefox browser,
but I get "400 Bad Request".

I need help with 'multiple user client certificate authentication' tips and
solutions for errors.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273879,273879#msg-273879

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Client certificate authentication error

AjaySawant
There is an incorrect syntax to fix.

I have registered p12 certificate and ca certificate in my Firefox browser,
but I get "400 Bad Request".

==> I have registered client.p12 and ca.crt file in my Firefox browser, but
I get "400 Bad Request".

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273879,273880#msg-273880


Re: Client certificate authentication error

Richard Stanway
> openssl x509 -req -in client.csr -out client.crt -signkey client.key -CA
> server.crt -CAkey server.key -CAcreateserial -days 365

I think you should be using the CA certificate here, not the server certificate.
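
The check behind the reply above, as an added example that is not part of the original thread: it builds a throwaway CA, issues the client certificate both ways (signed by the server certificate as in the first post, and signed by the CA as suggested), and runs `openssl verify` against the CA file nginx would load through `ssl_client_certificate`. All subjects, file names and the helper functions `sign`, `make_pki`, `chains_to_ca` and `issuer_of` are constructed for this demonstration.

```shell
#!/usr/bin/env bash
# Added example. All names, subjects and keys are constructed throwaway values.
set -u

sign() {   # $1 = dir, $2 = CSR name, $3 = issuer name, $4 = output file
  openssl x509 -req -days 30 -in "$1/$2.csr" \
    -CA "$1/$3.crt" -CAkey "$1/$3.key" -CAcreateserial \
    -out "$1/$4" 2>/dev/null
}

make_pki() {   # $1 = empty work directory
  local d=$1 n
  # Self-signed test CA: the file nginx is given as ssl_client_certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example/CN=Example Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  for n in server client; do
    openssl req -new -newkey rsa:2048 -nodes \
      -subj "/O=Example/CN=$n.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  sign "$d" server ca server.crt &&
  sign "$d" client server client_bad.crt &&   # issuer = server cert (first post)
  sign "$d" client ca client_good.crt         # issuer = CA (suggested fix)
}

chains_to_ca() {   # $1 = CA file, $2 = certificate; exit status 0 if it verifies
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

issuer_of() {      # print the issuer DN, the value nginx exposes as $ssl_client_i_dn
  openssl x509 -noout -issuer -in "$1"
}

# Stand-alone run: show which client certificate the CA file accepts.
work=$(mktemp -d)
make_pki "$work"
for c in client_bad.crt client_good.crt; do
  if chains_to_ca "$work/ca.crt" "$work/$c"; then r=accepted; else r=rejected; fi
  echo "$c: $r ($(issuer_of "$work/$c"))"
done
rm -rf "$work"
```

Running the same `openssl verify -CAfile ca.crt client.crt` on real files before importing the PKCS#12 bundle into a browser shows whether the certificate chains to the CA nginx trusts.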



Re: Client certificate authentication error

AjaySawant
This problem has been solved with your help.
I sincerely appreciate your help.
This case is closed because this request has been resolved.
Thank you very much.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273879,273902#msg-273902
