"unsupported certificate purpose" error when connecting to Apache http 2.x with Mutual Authentication

Solution Verified - Updated -

Issue

  • Mutual Authentication (two-way SSL) configuration in Apache httpd is not allowing (reponse http status 403 - forbidden) a clients to access an application. The error in the Apache httpd error_log is:
AH02039: Certificate Verification: Error (26): unsupported certificate purpose
  • Client CA and intermediate CA on Nginx server, but when the client try to access the URL, client is receiving a 400 error, and also the below error from Nginx:
[info] 160002#0: *29 client SSL certificate verify error: (26:unsupported certificate purpose) while reading client request headers, client: 10.10.10.10, server: example.com, request: "POST /foo/bar HTTP/1.1", host: "example.com"

Environment

  • Red Hat Enterprise Linux (RHEL)
    • 7.x
    • 8.x
  • Apache httpd
  • NGINX

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content