Hi,
I have been able to work arround this issue by setting the option "ssl_verify_client" to "optional" instead of "on". After this I used an if statement for checking the variable "$ssl_client_verify" on its value being "NONE" (meaning no valid SSL certificate had been provided). This statement being true, you can redirect your visitors to another url. Otherwise they will continue running the rest of the server code.
In config code this looks like the following:
server {
listen 0.0.0.0:443 ssl;
ssl on;
server_name myserver.mydomain.com;
ssl_certificate_key /my/path/to/my/certificate.key;
ssl_certificate /my/path/to/my/certificate.pem;
ssl_client_certificate /my/path/to/my/ca.crt;
ssl_verify_client optional;
root /my/path/to/my/root/html;
if ($ssl_client_verify = NONE) {
return 303 http://errors.mydomain.com/400.html;
}
location / {
(whatever you want to show your verified visitors);
}
}
Please let me now if this worked for you.
Greetz!
I have been able to work arround this issue by setting the option "ssl_verify_client" to "optional" instead of "on". After this I used an if statement for checking the variable "$ssl_client_verify" on its value being "NONE" (meaning no valid SSL certificate had been provided). This statement being true, you can redirect your visitors to another url. Otherwise they will continue running the rest of the server code.
In config code this looks like the following:
server {
listen 0.0.0.0:443 ssl;
ssl on;
server_name myserver.mydomain.com;
ssl_certificate_key /my/path/to/my/certificate.key;
ssl_certificate /my/path/to/my/certificate.pem;
ssl_client_certificate /my/path/to/my/ca.crt;
ssl_verify_client optional;
root /my/path/to/my/root/html;
if ($ssl_client_verify = NONE) {
return 303 http://errors.mydomain.com/400.html;
}
location / {
(whatever you want to show your verified visitors);
}
}
Please let me now if this worked for you.
Greetz!