ssl for nginx, old browsers

Igor Sysoev is at
Tue Oct 6 17:29:50 MSD 2009

On Tue, Oct 06, 2009 at 09:18:53AM -0400, eternity wrote:

> So, i made a bit progress
> I took chrome which doesn't ask for risk, and exported chain
> So, now, old version asks only once to add root CA and then it becomes silent
> Now the question - how to add one more element in chain so old browsers won't even ask for adding CA
> site:

openssl s_client -connect
Certificate chain
 0 s:/C=RU/postalCode=198411/ST=Some-State/L=Saint-Petersburg/streetAddress=Sankt-Peterburg, g. Lomonosov Svyazi, d. 1/O=CJS SV-Groupe/OU=CJS SV-Groupe/OU=Provided by Hosting-Center RBC/OU=RBC HC Gold SSL/
   i:/C=RU/O=RBC Hosting Center/CN=RBC HC High Assurance Services CA
 1 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=
   i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=

First, the ceritficate is for
Second, the ceritficate is signed by RBC, however, RBC's ceritficate is
not signed: you have a broken chain: --- RBC -||- USERTRUST

Igor Sysoev

More information about the nginx mailing list