SSL root certificates

Igor Sysoev is at
Mon Mar 17 16:03:03 MSK 2008

On Mon, Mar 17, 2008 at 12:52:21PM +0000, Igor Clark wrote:

> Hi Igor,
> On 17 Mar 2008, at 12:43, Igor Sysoev wrote:
> >>I thought I needed to add this to nginx config using
> >>ssl_client_certificate but I've tried a variety of their CA certs in
> >>ssl_client_certificate but I still get "This cert was signed by an
> >>untrusted authority".
> >
> >Will your client create own certificates, sign them using Verisign CA,
> >and pass them to install to the client's browsers ?
> >
> >Or simply do they want to set one Verisign certificate on their site ?
> Simply want to use one Verisign certificate for an SSL section of the  
> site.

Then you do not need ssl_client_certificate. You need to concatenate
your certificate with Verisign intermediate one:

cat your_cert.crt intermediate.crt > cert.crt

However, I'm not not sure about certificates order:
i.e yours + intermediate vs intermediate + yours.

See also:

Igor Sysoev

More information about the nginx mailing list