SSL Chain Cert
Riku Räisänen
riku at helloit.fi
Fri Aug 17 12:20:44 MSD 2007
Thank you Igor for such a fast response -- should have asked in the
first place, been playing around with the same problem for days now.
Just a small correction: I had to do the concat the other way around:
cat mail.domain.com.crt ca-bundle.crt > super-bundle.crt
Otherwise I will get a key mismatch error and nginx won't start.
Seems to me that the first cert is used when comparing with the key.
Anyway, thank you again for you fast response that was dead on
target. :)
-Riku Räisänen
Igor Sysoev kirjoitti 17.8.2007 kello 11:03:
> On Fri, Aug 17, 2007 at 11:00:34AM +0300, Riku R?is?nen wrote:
>
>> I've tried to install a SSL Chain Cert with no success.
>>
>> configuration:
>>
>> ssl_certificate /etc/ssl/mail.domain.com.crt;
>> ssl_certificate_key /etc/ssl/mail.domain.com.key;
>> ssl_client_certificate /etc/ssl/ca-bundle.crt;
>>
>> the ssl_client_certificate is the bundled chain cert that is needed
>> for my SSL certificate to work. Is my configuration wrong? Does nginx
>> have support for chain certs?
>
> cat ca-bundle.crt mail.domain.com.crt > super-bundle.crt
>
> ssl_certificate /etc/ssl/super-bundle.crt;
> ssl_certificate_key /etc/ssl/mail.domain.com.key;
>
>
> ssl_client_certificate is used to check clients certificates, it as
> same
> as Apache's SSLCACertificateFile:
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC14
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
Ystävällisin terveisin,
Riku Räisänen
HelloIT
Profian Oy
riku at helloit.fi
+358 400 882030
More information about the nginx
mailing list