OCSP_basic_verify() failed

Maxim Dounin mdounin at mdounin.ru
Fri Jan 11 14:48:12 UTC 2013


Hello!

On Wed, Jan 09, 2013 at 05:02:11AM -0500, philipp wrote:

> I have created a trust file both ways:
> 
> cat www.hellmi.de.pem >  www.hellmi.de.trust
> cat subca.pem >> www.hellmi.de.trust
> cat ca.pem >> www.hellmi.de.trust
> 
> or
> 
> cat subca.pem > www.hellmi.de.trust
> cat ca.pem >> www.hellmi.de.trust
> 
> and configured it as ssl_trusted_certificate, this did not help either. How
> do I create a trusted certificate for a StartCom CA?
> 
> This chain looks like this:
> 
> StartCom Certification Authority (ca.pem)
> StartCom Class 1 Primary Intermediate Server CA (subca.pem)
> www.hellmi.de (www.hellmi.de.pem)

Something like

cat sub.class1.server.ca.pem ca.pem > trusted.pem

should be enough (files named to match ones available from 
StartCom).  I've just tested with a free class 1 cert from 
StartCom, and it works fine.  If you still see errors with 
ssl_trusted_certificate configured - you may want to provide more 
details.

-- 
Maxim Dounin
http://nginx.com/support.html



More information about the nginx mailing list