针对"SSL证书错误"的自定义nginx错误页面； [英] Custom nginx error page for "The SSL certificate error"

问题描述

如果客户将选择过期的证书，则Nginx服务器将显示内置错误页面.

If the customer will choose the expired certificate, the nginx server will show the built-in error page.

<html>
<head><title>400 The SSL certificate error</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The SSL certificate error</center>
<hr><center>nginx</center>
</body>
</html>

如何捕获错误并向客户显示其他页面?

How can I catch the error and show the client a different page?

推荐答案

请参考 http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors

Please refer to http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors

为代码400定义错误页面将不起作用.工作方法是

Define an error page for code 400 will not work. The working approach is

server {
    ...
    error_page 495 496 497 https://www.google.com;
    ...
}

因此，未能提交有效证书的用户将被重定向到google.com.当 ssl_verify_client 设置为 on 或 optional 时，这将起作用.

So a user failed to submit a valid certificate will be redirect to google.com. This will work when ssl_verify_client is set to on or optional.

另一种方法仅在将 $ ssl_verify_client 设置为 optional 时有效，您可以使用 $ ssl_client_verify 进行重定向.

Another approach works only when $ssl_verify_client is set to optional, you could use $ssl_client_verify for redirecting.

if ($ssl_client_verify = NONE) { 
    return 303 https://www.google.com;
}

将 $ ssl_verify_client 设置为 on 时，它将不起作用.

When $ssl_verify_client is set to on, it will not work.

这篇关于针对"SSL证书错误"的自定义nginx错误页面；的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！