Help on proxy_ssl_trusted_certificate

Sun Jun 25 01:36:17 UTC 2017

Hi,

I am trying to validate the upstream server by enabling the
proxy_ssl_trusted_certficate and proxy_ssl_verify. I've tried to build the
pem in so many ways. I tried just the CA, CA + intermmediate,
CA+intermmediate + server. But I still keep getting this error message. 

2017/06/24 23:56:31 [error] 3512#0: *1 upstream SSL certificate verify
error: (20:unable to get local issuer certificate) while SSL handshaking t
o upstream, client: 127.0.0.1, server: , request: "POST / HTTP/1.1",
upstream: "https://203.105.61.190:443/", host: "localhost:8443"

Below is my config file and my current pem file. I've commented in and out a
number of this options but they still don't work.

The test website is https://test.paydollar.com. The pem file is created by
downloading it through the browser.

The way I tested this is by issuing a curl request like this:

curl -X POST http://localhost:8443/x

Config File:
--------------------------------------------------
server {
        listen       8443;

        location / {
#            proxy_set_header Host      $host;
#            proxy_set_header Host      $remote_addr;
#            proxy_set_header X-Real-IP $remote_addr;
#            proxy_set_header X-Forwarded-Host $host;
#            proxy_set_header X-Forwarded-Server $host;
#            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://test.paydollar.com;
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /etc/nginx/conf.d/test2.pem;
#            proxy_ssl_name "test.paydollar.com";
#            proxy_ssl_verify_depth 2;
#            proxy_ssl_server_name on;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
-------------------------------------

PEM File:

Thanks.

Alf

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275124,275124#msg-275124