I am hosting a nginx webserver in my LAN and I want to authenticate client who are accessing my server with ssl client certificate.I generated a self signed SSL certificate and one client certificate following some documents on google. But I am unable to authenticate client who has certificate. I am getting the following errors
When requested from Firefox:
2017/08/10 18:30:13 [info] 8994#0: *4 client sent no required SSL certificate while reading client request headers, client: 192.168.16.27, server: 192.168.26.43, request: "GET /hls1/master.m3u8 HTTP/1.1", host: "192.168.26.43"
When request using curl:
curl -v -s -k –key client.key –cert client.crt –cacert ca.crt https://192.168.26.43/hls2/master.m3u8
2017/08/10 18:30:33 [info] 8994#0: *5 client SSL certificate verify error: (18:self signed certificate) while reading client request headers, client: 192.168.16.27, server: 192.168.26.43, request: "GET /hls2/master.m3u8 HTTP/1.1", host: "192.168.26.43"
So,my question is can I use self-signed certificate to authenticate client?If so, can anyone provide the steps to achieve this?
Best Answer
I just stumbled over this and discovered a small pitfall which caused the same error you encountered:
There are plenty of guides how to create a self signed client certificate, I used the following (adapted from here):
However, if you use the same Organization Name (eg, company) for both your ca and your client certificate, you will see above error! (edited: important)
If
openssl verify -verbose -CAfile ca.crt client.crt
does not complain about a self-signed certificate, you're good to go.