SSL certificate chain
Steve Wilson
lists-nginx at swsystem.co.uk
Mon Sep 2 11:12:52 UTC 2013
On 2013-09-02 11:59, Daniel Lundqvist wrote:
> I have, it just says only 1 certificate is provided. Here are the test
> results:
> https://www.ssllabs.com/ssltest/analyze.html?d=www.malarhojden.nu
...
I note that you're using startcom for the certificate, I recall that the
intermediate certificate they say to use isn't actually the one provided
and had to complete the certificate chain myself.
https://www.ssllabs.com/ssltest/analyze.html?d=www.stevewilson.co.uk
To build up my pem I started with the crt and key, then running "openssl
x509 -in cert.pem -noout -text" I was then able to download the correct
intermediate using the "CA Issuers - URI" provided in the certificate.
Appending this to the pem and retesting. Repeating the process for each
certificate until it became valid.
Authority Information Access:
OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
CA Issuers -
URI:http://aia.startssl.com/certs/sub.class1.server.ca.crt
It might be worth checking if your intermediate matches the above
sub.class1.server.ca.crt one.
More information about the nginx
mailing list