Verisign Intermediate CA issues

Gabriel Ramuglia gabe at vtunnel.com
Sat Jan 24 00:36:33 MSK 2009


Here's what I have:

    ssl                 on;
    ssl_certificate     /home/video/certs/video.freeproxies.org.crt;
    ssl_certificate_key /home/video/certs/video.freeproxies.org.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers    ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

I haven't noticed any particular issues, but haven't tested in Safari.
Would be interested to know if you get the same issue with mine (seems
my config is slightly different).

https://video.freeproxies.org/flvplayer.php is a good test url.

On Fri, Jan 23, 2009 at 1:02 PM, James Ochs <james.ochs at greennote.com> wrote:
> Hi all,
>
> We have a VeriSign SSL cert and I've configured nginx with the .crt file
> containing our cert and the VeriSign intermediate cert (in that order in the
> file).
>
> In Mac OS Safari, both on the desktop and the iPhone, I am getting
> certificate errors (can't verify the identity).  Firefox on the same
> platform says the certificate is ok, and IE in most cases says it is ok.  I
> have had a couple of reports of IE7 complaining about the validity of the
> certificate, but that has been sporadic.  I've also checked it with curl (on
> Linux and Mac OS) and it complains as follows:
>
> curl https://www.greennote.com
> curl: (60) Peer certificate cannot be authenticated with known CA certificates
>
> Does anyone have any ideas of why this would happen?
>
> My nginx.conf has this for ssl:
>
>            ssl                  on;
>            ssl_certificate      /etc/nginx/www.crt;
>            ssl_certificate_key  /etc/nginx/prod.key;
>
>            ssl_session_timeout  10m;
>            ssl_session_cache    shared:SSL:10m;
>
>            ssl_protocols  SSLv3 TLSv1;
>            ssl_ciphers          ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP;
>            ssl_prefer_server_ciphers   on;
>
> This problem was not happening on our hardware load balancers with the same
> certificate, so I'm at a loss as to what to try next.
>
> thanks,
> james
>
> --
> James Ochs
> Network Operations Manager
> james.ochs at greennote.com
> KeyID: 0x6E7BBE9D
>
>
>
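
The bundle layout described in the quoted message (server certificate first, then the intermediate, in the one file given to ssl_certificate) can be checked mechanically. The script below is an added example, not part of either message: check_chain_order and make_demo_bundles are hypothetical helper names, the openssl command-line tool is assumed, and the demo certificates are constructed throwaways.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical;
# the openssl command-line tool is assumed to be installed.

# Succeeds when every certificate in the PEM bundle was issued by the
# certificate that follows it (server certificate first, then intermediates).
check_chain_order() {
    local bundle=$1 tmp count i issuer subject
    tmp=$(mktemp -d) || return 2
    # Split the bundle into cert-1.pem, cert-2.pem, ... and print how many.
    count=$(awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$bundle")
    if [ "$count" -lt 2 ]; then
        echo "$bundle: $count certificate(s), no intermediate included" >&2
        rm -rf "$tmp"; return 1
    fi
    i=1
    while [ "$i" -lt "$count" ]; do
        # Name hashes: issuer of certificate i vs subject of certificate i+1.
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem")
        subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$((i + 1)).pem")
        if [ "$issuer" != "$subject" ]; then
            echo "$bundle: certificate $i was not issued by certificate $((i + 1))" >&2
            rm -rf "$tmp"; return 1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# Constructed sample input: a throwaway CA and server certificate, written to
# DIR/good.pem (server certificate first) and DIR/swapped.pem (CA first).
make_demo_bundles() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 2
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 2
    openssl x509 -req -days 1 -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/srv.crt" 2>/dev/null || return 2
    cat "$d/srv.crt" "$d/ca.crt" > "$d/good.pem"
    cat "$d/ca.crt" "$d/srv.crt" > "$d/swapped.pem"
}
```

This checks ordering and issuer/subject linkage only; it does not verify signatures or whether a given client trusts the root at the end of the chain.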




