ssl on;
ssl_verify_depth 2;
ssl_certificate /opt/CA2/server.crt;
ssl_certificate_key /opt/CA2/server.key;
ssl_client_certificate /opt/CA2/ca.crt;
#ssl_crl /opt/CA2/testca.crl;
ssl_verify_client on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
client SSL certificate verify error: (3:unable to get certificate CRL) while reading client request headers