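Does nginx support CRLs issued by an intermediate certificate?
I ran a test: for a certificate chain, a revocation list issued by the root certificate works fine.
But with a revocation list issued by the intermediate certificate, the following error is reported: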
client SSL certificate verify error: (3:unable to get certificate CRL) while reading client request headers.
My configuration is as follows:
server {
    proxy_set_header Proxy-Connection "";
    listen 443;
    server_name www.test.com;
    charset utf-8;
    ssl on;
    ssl_verify_depth 2;
    ssl_certificate /opt/CA2/server.crt;
    ssl_certificate_key /opt/CA2/server.key.dec;
    ssl_client_certificate /opt/CA2/ca.crt;
    ssl_crl /opt/CA2/testca.crl;
    ssl_verify_client on;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    access_log /usr/local/nginx/logs/ssl_access.log;
    error_log /usr/local/nginx/logs/ssl_error.log debug;
}
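
The error above can be reproduced outside nginx with the openssl command line (an added example, not part of the original post). When ssl_crl is set, nginx turns on OpenSSL's CRL check for every certificate in the chain, so the CRL file has to contain a CRL from each CA in the chain, concatenated in PEM form. All file names, subject names and the three-level test PKI below are constructed for the example.

```sh
#!/bin/sh
# Constructed throwaway PKI: root CA -> intermediate CA -> client certificate.
set -e
cd "$(mktemp -d)"
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[root]
database = root.idx
crlnumber = root.num
default_md = sha256
default_crl_days = 30
[inter]
database = inter.idx
crlnumber = inter.num
default_md = sha256
default_crl_days = 30
EOF
newreq() {  # $1 = file prefix, $2 = CN, rest = extra `openssl req` options
  p=$1; cn=$2; shift 2
  openssl req -config pki.cnf -newkey rsa:2048 -nodes -keyout "$p.key" \
    -subj "/CN=$cn" "$@" 2>/dev/null
}
newreq root "Test Root CA" -x509 -extensions v3_ca -days 30 -out root.crt
newreq inter "Test Intermediate CA" -out inter.csr
newreq client "test client" -out client.csr
openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -set_serial 2 \
  -extfile pki.cnf -extensions v3_ca -days 30 -out inter.crt 2>/dev/null
openssl x509 -req -in client.csr -CA inter.crt -CAkey inter.key -set_serial 3 \
  -days 30 -out client.crt 2>/dev/null
for ca in root inter; do  # one empty CRL per CA
  : > "$ca.idx"; echo 01 > "$ca.num"
  openssl ca -config pki.cnf -name "$ca" -gencrl -cert "$ca.crt" \
    -keyfile "$ca.key" -out "$ca.crl" 2>/dev/null
done
cat root.crl inter.crl > chain.crl  # the combined file ssl_crl would point at
# Same flags nginx sets when ssl_crl is configured: a CRL for every chain level.
check() {  # $1 = CRL file
  openssl verify -crl_check_all -CAfile root.crt -untrusted inter.crt \
    -CRLfile "$1" client.crt 2>&1
}
for f in inter.crl chain.crl; do
  if out=$(check "$f"); then echo "$f: OK"; else echo "$f: FAILED"; echo "$out"; fi
done
```

With only the intermediate CA's CRL, verification stops at the intermediate certificate itself, because no CRL from its issuer (the root) is available; the concatenated file passes.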