Verisign Intermediate CA issues
James Ochs
james.ochs at greennote.com
Sat Jan 24 00:02:45 MSK 2009
Hi all,
We have a verisign ssl cert and I've configured nginx with the .crt
file containing our cert and the verisign intermediate cert (in that
order in the file)
In MacOs safari, both on the desktop and the iphone, I am getting
certificate errors (can't verify the identity). Firefox on the same
platform says the certificate is ok, and IE in most cases says it is
ok. I have had a couple of reports of IE7 complaining about the
validity of the certificate, but that has been sporadic. I've also
checked it with curl (on linux and macos) and it complains as follows:
curl https://www.greennote.com
curl: (60) Peer certificate cannot be authenticated with known CA
certificates
Does anyone have any ideas of why this would happen?
My nginx.conf has this for ssl:
ssl on;
ssl_certificate /etc/nginx/www.crt;
ssl_certificate_key /etc/nginx/prod.key;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!
LOW:!SSLv2:+EXP;
ssl_prefer_server_ciphers on;
This problem was not happening on our hardware load balancers with the
same certificate, so I'm at a loss as to what to try next.
thanks,
james
--
James Ochs
Network Operations Manager
james.ochs at greennote.com
KeyID: 0x6E7BBE9D
More information about the nginx
mailing list