OCSP_basic_verify() failed
Maxim Dounin
mdounin at mdounin.ru
Fri Jan 11 14:48:12 UTC 2013
Hello!
On Wed, Jan 09, 2013 at 05:02:11AM -0500, philipp wrote:
> I have created a trust file both ways:
>
> cat www.hellmi.de.pem > www.hellmi.de.trust
> cat subca.pem >> www.hellmi.de.trust
> cat ca.pem >> www.hellmi.de.trust
>
> or
>
> cat subca.pem > www.hellmi.de.trust
> cat ca.pem >> www.hellmi.de.trust
>
> and configured it as ssl_trusted_certificate, this did not help either. How
> do I create a trusted certificate for a StartCom CA?
>
> This chain looks like this:
>
> StartCom Certification Authority (ca.pem)
> StartCom Class 1 Primary Intermediate Server CA (subca.pem)
> www.hellmi.de (www.hellmi.de.pem)
Something like
cat sub.class1.server.ca.pem ca.pem > trusted.pem
should be enough (files named to match ones available from
StartCom). I've just tested with a free class 1 cert from
StartCom, and it works fine. If you still see errors with
ssl_trusted_certificate configured - you may want to provide more
details.
--
Maxim Dounin
http://nginx.com/support.html
More information about the nginx
mailing list