I'm using nginx as a web server. the server certificate generated by Let's Encrypt. I want to have certificate-based client authentication. I created a CA certificate and key with openssl, client certificate and key and signed the client certificate by CA key:
# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
# Sign the client certificate with our CA cert
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
In this way this helped me. I add the CA certificate (ca.crt) and client certificate (client.crt) to the linux trust store at /etc/ssl/certs or /usr/local/share/ca-certificate Now I perform following curl to my website:
curl --cacert ca.crt --cert client.crt --key client.key https://mywebsite.com
But still I get 400 Bad Request and it says:
No required SSL certificate was sent
Following is mywebsite.conf:
server {
listen 443;
server_name mywebsite.com;
index index.html;
...
ssl_verify_client on;
ssl_client_certificate /path/to/client.crt;
...
}