Verisign Intermediate CA issues

James Ochs james.ochs at greennote.com
Sat Jan 24 21:33:38 MSK 2009


crap.  yeah that was it ;)

Thanks!

James

On Jan 24, 2009, at 7:11 AM, Igor Sysoev wrote:

> On Fri, Jan 23, 2009 at 01:02:45PM -0800, James Ochs wrote:
>
>> Hi all,
>>
>> We have a verisign ssl cert and I've configured nginx with the .crt
>> file containing our cert and the verisign intermediate cert (in that
>> order in the file)
>
> It seems that you got the wrong Verisign intermediate cert:
>
> 0 s:/C=US/ST=California/L=Redwood City/O=GreenNote, Inc/OU=IT/OU=Terms of use at www.verisign.com/rpa (c)05/CN=www.greennote.com
>   i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
>
> 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
>   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
>
> www.greennote.com is issued by
>
>   /O=VeriSign Trust Network/OU=VeriSign, Inc.
>   /OU=VeriSign International Server CA - Class 3
>   /OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
>
> but the second certificate is
>
>   /C=US
>   /O=VeriSign, Inc.
>   /OU=VeriSign Trust Network
>   /OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
>
>> In MacOs  safari, both on the desktop and the iphone, I am getting
>> certificate errors (can't verify the identity).  Firefox on the same
>> platform says the certificate is ok, and IE in most cases says it is
>> ok.  I have had a couple of reports of IE7 complaining about the
>> validity of the certificate, but that has been sporadic.  I've also
>> checked it with curl (on linux and macos) and it complains as follows:
>>
>> curl https://www.greennote.com
>> curl: (60) Peer certificate cannot be authenticated with known CA
>> certificates
>>
>> Does anyone have any ideas of why this would happen?
>>
>> My nginx.conf has this for ssl:
>>
>>            ssl                  on;
>>            ssl_certificate      /etc/nginx/www.crt;
>>            ssl_certificate_key  /etc/nginx/prod.key;
>>
>>            ssl_session_timeout  10m;
>>            ssl_session_cache    shared:SSL:10m;
>>
>>            ssl_protocols  SSLv3 TLSv1;
>>            ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP;
>>            ssl_prefer_server_ciphers   on;
>>
>> This problem was not happening on our hardware load balancers with the
>> same certificate, so I'm at a loss as to what to try next.
>>
>> thanks,
>> james
>>
>> -- 
>> James Ochs
>> Network Operations Manager
>> james.ochs at greennote.com
>> KeyID: 0x6E7BBE9D
>>
>
> -- 
> Igor Sysoev
> http://sysoev.ru/en/
>

-- 
James Ochs
Network Operations Manager
james.ochs at greennote.com
KeyID: 0x6E7BBE9D





