SSL certificate chain

Steve Wilson lists-nginx at
Mon Sep 2 11:12:52 UTC 2013

On 2013-09-02 11:59, Daniel Lundqvist wrote:
> I have, it just says only 1 certificate is provided. Here are the test
> results:

I note that you're using startcom for the certificate, I recall that the 
intermediate certificate they say to use isn't actually the one provided 
and had to complete the certificate chain myself.

To build up my pem I started with the crt and key, then running "openssl 
x509 -in cert.pem -noout -text" I was then able to download the correct 
intermediate using the "CA Issuers - URI" provided in the certificate. 
Appending this to the pem and retesting. Repeating the process for each 
certificate until it became valid.

  Authority Information Access:
                 OCSP - URI:
                 CA Issuers - 

It might be worth checking if your intermediate matches the above one.

More information about the nginx mailing list