Does ssl_trusted_certificate actually send certs to client?

shumisha nginx-forum at
Mon Mar 2 15:53:41 UTC 2015

Hi Maxim,

Just did that and work fine for me! The warning "chain contains anchor" is
gone from qualys ssl test page, while OCSP stapling is on, as well as

Side note: after applying this patch, I realized my config was actually
wrong: the ssl_certificate file was indeed lacking my ssl cert provider
intermediate cert and the trust chain verification started to fail.
Previously, this error was masked by openssl auto building the trust chain
using alphaSSL intermediate found in ssl_trsuted_certificate.

Also, I applied the patch to nginx 1.6.2, which I'm using.

Assuming this needs more testing, hope it can make it into an upcoming


Posted at Nginx Forum:,256613,256996#msg-256996

More information about the nginx mailing list