nginx tlsv1 alert unknown ca:SSL alert number 48

nginx ssl ssl-certificate

Solution 1:

...ssl3_read_bytes:tlsv1 alert unknown ca

The upstream server can not validate the send client certificate since it is missing intermediate certificates. Therefore it sends back to nginx the cause of the problem as an alert. The fix is probably to add the necessary intermediate certificates to client.pem in the right order (i.e. leaf certificate first, then what signed leaf certificate etc).

But why did it work with curl then: Depending on which TLS stack is used with curl and maybe depending on the version of curl it will automatically combine the certificate given with --cert with matching intermediate certificates given in --cacert and send the full chain to the server as part of the client certificate. If this is done then the server can successfully validate the client certificate.

Related

Decreasing disk size on Google Virtual Machine Web Server [duplicate]
Configure IIS to use Active Directory authentication
Redirects from Nginx reverse-proxyed Django ASGI server going to wrong subdirectory
Firewalld: only allowing SSH from specific IP does not work
How can I delete an outgoing trust on Windows Server when an internal error occurs?
Why do some wildcard certificates have asterisk in subject field and some not?
Styling part of label in legend in matplotlib
Error: MapFragment cannot be cast to android.support.v4.app.Fragment
node.js /socket.io/socket.io.js not found
structured binding with [[maybe_unused]]
How to disable double click zoom for d3.behavior.zoom?
How to check if file exists in a Windows Store App?