Nginx and 400 SSL error handling

M
  • 11 Jun '19
Hi All,

We're trying to configure a client authentication on an Nginx 1.15.12 and
we noticed a "400 Bad Request - SSL Certificate Error" because a
certificate CA isn't present into the certificates listed into
"ssl_client_certificate". This is the configuration for the SSL
authentication.

        ssl_verify_client optional;
        ssl_client_certificate /usr/local/nginx/ca-test.pem;

Actually we would return a 401 error page instead of a 400 error page but we
aren't able to customize the HTTP code but only the message reported with
this configuration.

        error_page 495 @error_ssl_495;

        location @error_ssl_495 {
            return 401 'certificate invalid';
        }

Is it possible to adjust also the http error code?

Thanks in advance,

Marcello
F
  • 11 Jun '19
On Tue, Jun 11, 2019 at 10:25:32AM +0200, Marcello Lorenzi wrote:

Hi there,

> Actually we would return a 401 error page instead of a 400 error page but we
> aren't able to customize the HTTP code but only the message reported with
> this configuration.
> 
>         error_page 495 @error_ssl_495;

Untested by me here, but

  http://nginx.org/r/error_page

shows that you can add another argument with "=" to set the response code,
or to change to the response code that the uri returns.

Cheers,

    f
-- 
Francis Daly        francis at daoine.org
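
Added example, not part of the original thread: the configuration from the question with the "=" argument of error_page applied, so a failed client-certificate check (internal code 495) is answered with 401 instead of 400. The server_name, the server certificate paths and the check in "location /" are assumptions made for illustration.

```nginx
server {
    listen 443 ssl;
    server_name example.test;                          # placeholder name

    ssl_certificate     /usr/local/nginx/server.pem;   # placeholder path
    ssl_certificate_key /usr/local/nginx/server.key;   # placeholder path

    # Client authentication settings from the question.
    ssl_verify_client      optional;
    ssl_client_certificate /usr/local/nginx/ca-test.pem;

    # Before (from the question): the named location supplies the body,
    # but the client still receives status 400.
    #   error_page 495 @error_ssl_495;

    # After: "=401" sets the response code sent to the client.
    # A bare "=" (error_page 495 = @error_ssl_495;) would instead take
    # the code from whatever the handler returns, here also 401.
    error_page 495 =401 @error_ssl_495;

    location @error_ssl_495 {
        return 401 'certificate invalid';
    }

    location / {
        # With "ssl_verify_client optional" a request that presents no
        # certificate is not an error, so error_page 495 never fires for
        # it and $ssl_client_verify is "NONE". Reject it explicitly if a
        # certificate is mandatory for this location.
        if ($ssl_client_verify != SUCCESS) {
            return 401 'client certificate required';
        }

        root html;                                     # placeholder content
    }
}
```

Validate the file with `nginx -t` before reloading.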
M
  • 12 Jun '19
Hi,
It works correctly. Thanks for the tips.

Marcello

F
  • 1 Nov '22
The 400 (Bad Request) status code indicates that the server cannot or will
not process the request because the received syntax is invalid, nonsensical,
or exceeds some limitation on what the server is willing to process. It
means that the request itself is somehow incorrect or corrupted and the
server couldn't understand it. The server is refusing to service the request
because the entity of the request is in a format not supported by the
requested resource for the requested method. Therefore, it prevents the
website from being properly displayed. The main thing to understand is that
the 400 Bad Request error is a client-side error.

The cause of a 400 Bad Request error can be a wrongly written URL or a URL
that contains unrecognizable characters. Another cause of the error might be
an invalid or expired cookie. Also, if you try to upload a file that's too
large and the server is programmed with a file size limit, then you might
encounter a 400 error.

Expired Client Certificate

This issue typically happens for a 2-Way TLS, when the certificate sent by
the client is expired. In a 2-way TLS, both client and server exchange their
public certificates to accomplish the handshake. The client validates the
server certificate and the server validates the client certificate. During
the TLS handshake if it is found that the client certificate is expired,
then the server will send 400 - Bad request with the message "The SSL
certificate error". The solution for this problem is to procure a new
certificate and upload the certificate.

http://net-informations.com/q/mis/400.html

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284506,295640#msg-295640