Custom nginx error page for “The SSL certificate error”

落爺英雄遲暮 提交于 2021-01-22 03:41:29

问题


If the customer will choose the expired certificate, the nginx server will show the built-in error page.

<html>
<head><title>400 The SSL certificate error</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The SSL certificate error</center>
<hr><center>nginx</center>
</body>
</html>

How can I catch the error and show the client a different page?


回答1:


Please refer to http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors

Define an error page for code 400 will not work. The working approach is

server {
    ...
    error_page 495 496 497 https://www.google.com;
    ...
}

So a user failed to submit a valid certificate will be redirect to google.com. This will work when ssl_verify_client is set to on or optional.


Another approach works only when $ssl_verify_client is set to optional, you could use $ssl_client_verify for redirecting.

if ($ssl_client_verify = NONE) { 
    return 303 https://www.google.com;
}

When $ssl_verify_client is set to on, it will not work.




回答2:


There is a way you can show the client a diffrent page. The way you do this is basically the same as stated above but instead you change the google website to a page that you created:

server {
    ...
    error_page 495 496 497 /error400.html;
    ...
}

Just be sure to include all you're custom pages in each server instance.



来源:https://stackoverflow.com/questions/33560256/custom-nginx-error-page-for-the-ssl-certificate-error