Verisign Intermediate CA issues

James Ochs james.ochs at
Sat Jan 24 00:02:45 MSK 2009

Hi all,

We have a verisign ssl cert and I've configured nginx with the .crt  
file containing our cert and the verisign intermediate cert (in that  
order in the file)

In MacOs  safari, both on the desktop and the iphone, I am getting  
certificate errors (can't verify the identity).  Firefox on the same  
platform says the certificate is ok, and IE in most cases says it is  
ok.  I have had a couple of reports of IE7 complaining about the  
validity of the certificate, but that has been sporadic.  I've also  
checked it with curl (on linux and macos) and it complains as follows:

curl: (60) Peer certificate cannot be authenticated with known CA  

Does anyone have any ideas of why this would happen?

My nginx.conf has this for ssl:

             ssl                  on;
             ssl_certificate      /etc/nginx/www.crt;
             ssl_certificate_key  /etc/nginx/prod.key;

             ssl_session_timeout  10m;
             ssl_session_cache    shared:SSL:10m;

             ssl_protocols  SSLv3 TLSv1;
             ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:! 
             ssl_prefer_server_ciphers   on;

This problem was not happening on our hardware load balancers with the  
same certificate, so I'm at a loss as to what to try next.


James Ochs
Network Operations Manager
james.ochs at
KeyID: 0x6E7BBE9D

More information about the nginx mailing list