Multi certificate support returns Letsencrypt Intermediate Certificate twice

Hello folks,

I have the following setup:
Nginx 1.11.0
Libressl 2.3.4

1 Letsencrypt RSA 2048 certificate
1 Letsencrypt ECDSA p256 certificate

The certificate files are both chained. Both have the Letsencrypt RSA
2048
X3 intermediate certificate at the end of the file.

The problem is:
Nginx returns this intermediate certificate twice when connecting via
https.
Regardless whether you connect via RSA client or ECDSA client.

Is this a bug? Or a configuration issue?

Thank you in advance!

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,267240,267240#msg-267240

Hello!

On Tue, May 31, 2016 at 07:12:20AM -0400, mastercan wrote:

X3 intermediate certificate at the end of the file.

The problem is:
Nginx returns this intermediate certificate twice when connecting via https.
Regardless whether you connect via RSA client or ECDSA client.

Is this a bug? Or a configuration issue?

Only OpenSSL 1.0.2 and higher support separate chains for
different certificates. With older versions (including LibreSSL)
there is only one chain for all certificates, and all chained
certificates will be added to it. That is, if chains are the same
you have to leave only one of them.


Maxim D.
http://nginx.org/

Thanks a lot for the fast response!

Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,267240,267249#msg-267249

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs