Verisign Intermediate CA issues

Gabriel Ramuglia gabe at
Sat Jan 24 00:36:33 MSK 2009

Here's what I have:

                    ssl                 on;

                    ssl_session_timeout  5m;

                    ssl_protocols  SSLv2 SSLv3 TLSv1;
                    ssl_prefer_server_ciphers   on;

I haven't noticed any particular issues, but haven't tested in safari.
Would be interested to know if you get the same issue with mine (seems
my config is slightly different). is a good test url.

On Fri, Jan 23, 2009 at 1:02 PM, James Ochs <james.ochs at> wrote:
> Hi all,
> We have a verisign ssl cert and I've configured nginx with the .crt file
> containing our cert and the verisign intermediate cert (in that order in the
> file)
> In MacOs  safari, both on the desktop and the iphone, I am getting
> certificate errors (can't verify the identity).  Firefox on the same
> platform says the certificate is ok, and IE in most cases says it is ok.  I
> have had a couple of reports of IE7 complaining about the validity of the
> certificate, but that has been sporadic.  I've also checked it with curl (on
> linux and macos) and it complains as follows:
> curl
> curl: (60) Peer certificate cannot be authenticated with known CA
> certificates
> Does anyone have any ideas of why this would happen?
> My nginx.conf has this for ssl:
>            ssl                  on;
>            ssl_certificate      /etc/nginx/www.crt;
>            ssl_certificate_key  /etc/nginx/prod.key;
>            ssl_session_timeout  10m;
>            ssl_session_cache    shared:SSL:10m;
>            ssl_protocols  SSLv3 TLSv1;
>            ssl_ciphers
>            ssl_prefer_server_ciphers   on;
> This problem was not happening on our hardware load balancers with the same
> certificate, so I'm at a loss as to what to try next.
> thanks,
> james
> --
> James Ochs
> Network Operations Manager
> james.ochs at
> KeyID: 0x6E7BBE9D

More information about the nginx mailing list