Verisign Intermediate CA issues

James Ochs james.ochs at greennote.com
Sat Jan 24 01:32:09 MSK 2009


Yep, I get the same error in Safari on Mac OS and on the iPhone with
the link you gave below.  Firefox is happy.

If I add the intermediate certs to my keychain it stops complaining,
but that's not really a good solution for end users.

Thanks,
james

On Jan 23, 2009, at 1:36 PM, Gabriel Ramuglia wrote:

> Here's what I have:
>
>                    ssl                 on;
>                    ssl_certificate     /home/video/certs/video.freeproxies.org.crt;
>                    ssl_certificate_key /home/video/certs/video.freeproxies.org.key;
>
>                    ssl_session_timeout  5m;
>
>                    ssl_protocols  SSLv2 SSLv3 TLSv1;
>                    ssl_ciphers    ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>                    ssl_prefer_server_ciphers   on;
>
> I haven't noticed any particular issues, but haven't tested in safari.
> Would be interested to know if you get the same issue with mine (seems
> my config is slightly different).
>
> https://video.freeproxies.org/flvplayer.php is a good test url.
>
> On Fri, Jan 23, 2009 at 1:02 PM, James Ochs  
> <james.ochs at greennote.com> wrote:
>> Hi all,
>>
>> We have a VeriSign SSL cert and I've configured nginx with the .crt file
>> containing our cert and the VeriSign intermediate cert (in that order in
>> the file).
>>
>> In Mac OS Safari, both on the desktop and the iPhone, I am getting
>> certificate errors (can't verify the identity).  Firefox on the same
>> platform says the certificate is ok, and IE in most cases says it is ok.
>> I have had a couple of reports of IE7 complaining about the validity of
>> the certificate, but that has been sporadic.  I've also checked it with
>> curl (on Linux and Mac OS) and it complains as follows:
>>
>> curl https://www.greennote.com
>> curl: (60) Peer certificate cannot be authenticated with known CA certificates
>>
>> Does anyone have any ideas of why this would happen?
>>
>> My nginx.conf has this for ssl:
>>
>>           ssl                  on;
>>           ssl_certificate      /etc/nginx/www.crt;
>>           ssl_certificate_key  /etc/nginx/prod.key;
>>
>>           ssl_session_timeout  10m;
>>           ssl_session_cache    shared:SSL:10m;
>>
>>           ssl_protocols  SSLv3 TLSv1;
>>           ssl_ciphers    ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP;
>>           ssl_prefer_server_ciphers   on;
>>
>> This problem was not happening on our hardware load balancers with the
>> same certificate, so I'm at a loss as to what to try next.
>>
>> thanks,
>> james
>>
>> --
>> James Ochs
>> Network Operations Manager
>> james.ochs at greennote.com
>> KeyID: 0x6E7BBE9D
>>
>>
>>
>

-- 
James Ochs
Network Operations Manager
james.ochs at greennote.com
KeyID: 0x6E7BBE9D





