SSL root certificates
Igor Sysoev
is at rambler-co.ru
Mon Mar 17 16:03:03 MSK 2008
On Mon, Mar 17, 2008 at 12:52:21PM +0000, Igor Clark wrote:
> Hi Igor,
>
> On 17 Mar 2008, at 12:43, Igor Sysoev wrote:
>
> >>I thought I needed to add this to nginx config using
> >>ssl_client_certificate but I've tried a variety of their CA certs in
> >>ssl_client_certificate but I still get "This cert was signed by an
> >>untrusted authority".
> >
> >Will your client create own certificates, sign them using Verisign CA,
> >and pass them to install to the client's browsers ?
> >
> >Or simply do they want to set one Verisign certificate on their site ?
>
> Simply want to use one Verisign certificate for an SSL section of the
> site.
Then you do not need ssl_client_certificate. You need to concatenate
your certificate with Verisign intermediate one:
cat your_cert.crt intermediate.crt > cert.crt
However, I'm not not sure about certificates order:
i.e yours + intermediate vs intermediate + yours.
See also:
http://blog.imperialdune.com/2007/3/31/setting-up-godaddy-turbo-ssl-on-nginx
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list