Does ssl_trusted_certificate actually send certs to client?

shumisha nginx-forum at nginx.us
Mon Mar 2 15:53:41 UTC 2015


Hi Maxim,

Just did that and work fine for me! The warning "chain contains anchor" is
gone from qualys ssl test page, while OCSP stapling is on, as well as
ssl_stapling_verify.

Side note: after applying this patch, I realized my config was actually
wrong: the ssl_certificate file was indeed lacking my ssl cert provider
intermediate cert and the trust chain verification started to fail.
Previously, this error was masked by openssl auto building the trust chain
using alphaSSL intermediate found in ssl_trsuted_certificate.

Also, I applied the patch to nginx 1.6.2, which I'm using.

Assuming this needs more testing, hope it can make it into an upcoming
release.

Thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256613,256996#msg-256996



More information about the nginx mailing list