Nginx client SSL authentication

Your configuration is actually correct. However, please make sure that you DO NOT put actual client certificates into the client_package.cer file. This file should only contain trusted CA certificates; actually, it should contain the complete chain(s). You should request all root and intermediate certificates from your client if they haven't provided them.

There are also a few gotchas related to the default server setup. Please read this and make sure it does not affect you.
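
As an added illustration (not part of the answer above and not the asker's configuration), this is how a server block looks when client_package.cer holds only the CA chain. The server name and file paths other than the client_package.cer file name are hypothetical placeholders; `ssl_verify_depth` is included because its default of 1 rejects client certificates issued by an intermediate CA.

```nginx
# Added example: server_name and directory paths are hypothetical.
server {
    listen 443 ssl;
    server_name api.example.com;

    # The server's own certificate and key (unrelated to client auth).
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # PEM bundle of CA certificates only: the client's root CA plus every
    # intermediate CA. No end-entity (client) certificates go in this file.
    ssl_client_certificate /etc/nginx/tls/client_package.cer;

    # Refuse requests unless the client presents a certificate that
    # chains to one of the CAs in the bundle above.
    ssl_verify_client on;

    # The default depth is 1, which only covers leaf -> root.
    # A chain of leaf -> intermediate -> root needs a depth of 2.
    ssl_verify_depth 2;
}
```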


Use the ssl_trusted_certificate directive instead of ssl_client_certificate. See the docs: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate

But anyway, I would recommend signing all client certificates with ONE ROOT CA and verifying whether the client certificate is signed with that CA.

If it solved your problem, please accept it as the answer.