SSL Chain Cert

Riku Räisänen riku at helloit.fi
Fri Aug 17 12:20:44 MSD 2007


Thank you Igor for such a fast response -- should have asked in the  
first place, been playing around with the same problem for days now.

Just a small correction: I had to do the concat the other way around:
	cat mail.domain.com.crt ca-bundle.crt > super-bundle.crt

Otherwise I will get a key mismatch error and nginx won't start.  
Seems to me that the first cert is used when comparing with the key.

Anyway, thank you again for you fast response that was dead on  
target. :)

-Riku Räisänen

Igor Sysoev kirjoitti 17.8.2007 kello 11:03:

> On Fri, Aug 17, 2007 at 11:00:34AM +0300, Riku R?is?nen wrote:
>
>> I've tried to install a SSL Chain Cert with no success.
>>
>> configuration:
>>
>>                 ssl_certificate      /etc/ssl/mail.domain.com.crt;
>>                 ssl_certificate_key  /etc/ssl/mail.domain.com.key;
>>                 ssl_client_certificate /etc/ssl/ca-bundle.crt;
>>
>> the ssl_client_certificate is the bundled chain cert that is needed
>> for my SSL certificate to work. Is my configuration wrong? Does nginx
>> have support for chain certs?
>
> cat ca-bundle.crt mail.domain.com.crt > super-bundle.crt
>
>        ssl_certificate      /etc/ssl/super-bundle.crt;
>        ssl_certificate_key  /etc/ssl/mail.domain.com.key;
>
>
> ssl_client_certificate is used to check clients certificates, it as  
> same
> as Apache's SSLCACertificateFile:
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14
>
>
> -- 
> Igor Sysoev
> http://sysoev.ru/en/
>

Ystävällisin terveisin,

Riku Räisänen
HelloIT
Profian Oy
riku at helloit.fi
+358 400 882030








More information about the nginx mailing list