Nginx does not provide option to read the certificate chain
uname -a: Linux 71de78ac83ec 5.11.0-41-generic #45~20.04.1-Ubuntu SMP Wed Nov 10 10:20:10 UTC 2021 x86_64 Linux
nginx version: nginx/1.21.4
built by gcc 10.3.1 20210424 (Alpine 10.3.1_git20210424)
built with OpenSSL 1.1.1l 24 Aug 2021
TLS SNI support enabled
There is a server which has two known local CAs. One is a root CA (which is a self-signed CA) and the other is an intermediate CA, signed by the root CA. The intermediate CA has issued a client certificate, which is shared with the client along with the chain (intermediate + root).
The chain looks as follows:
ClientCert -> IntermediateCACert -> RootCACert
The root CA certificate is the CA certificate which has been added to the trusted CA certificate list for the web.
From the client side, the chain is being used to establish the connection with the server. The connection gets established successfully.
Nginx does the SSL termination. Although there are options to fetch the client certificate (only the leaf certificate, using the variable ssl_client_cert), there is no way to get the entire chain of certificates from Nginx.
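
The setup described in this ticket, as an added configuration example that is not part of the original report or of the nginx project: the server trusts the root CA, verifies ClientCert -> IntermediateCACert -> RootCACert, and forwards what nginx exposes about the client to a backend. File paths, the server name, the upstream address and the `X-Client-*` header names are assumptions; every variable shown describes the leaf certificate only.

```nginx
# Added example. Paths, server_name, upstream and header names are placeholders.
server {
    listen 443 ssl;
    server_name example.internal;                       # placeholder

    ssl_certificate     /etc/nginx/tls/server.crt;      # placeholder path
    ssl_certificate_key /etc/nginx/tls/server.key;      # placeholder path

    # Trusted CA used to verify client certificates (RootCACert in the ticket).
    ssl_client_certificate /etc/nginx/tls/root-ca.crt;  # placeholder path
    ssl_verify_client on;

    # Permit the path ClientCert -> IntermediateCACert -> RootCACert.
    ssl_verify_depth 2;

    location / {
        # Result of chain verification performed by nginx:
        # SUCCESS, FAILED:<reason>, or NONE.
        proxy_set_header X-Client-Verify      $ssl_client_verify;

        # Leaf certificate only, URL-encoded PEM. The intermediate and root
        # certificates sent by the client are not included in this value.
        proxy_set_header X-Client-Cert        $ssl_client_escaped_cert;

        # Leaf subject and issuer DNs. The issuer DN names the intermediate CA,
        # but the intermediate certificate itself is not exposed.
        proxy_set_header X-Client-Subject     $ssl_client_s_dn;
        proxy_set_header X-Client-Issuer      $ssl_client_i_dn;

        # SHA-1 fingerprint and serial number of the leaf certificate.
        proxy_set_header X-Client-Fingerprint $ssl_client_fingerprint;
        proxy_set_header X-Client-Serial      $ssl_client_serial;

        proxy_pass http://127.0.0.1:8080;               # placeholder upstream
    }
}
```

A backend that consumes these headers should accept them only from the nginx instance, since a client that reaches the backend directly could supply the same header names itself.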