SSL cert issue


#1

I have no issues on my end - I’ve tried all the major browsers in
Windows and I see our chained certificate properly tied to the major
CA.

However, I have a user who is reporting an issue, and this is the debug
log:

2009/03/16 01:35:14 [debug] 23225#0: *287 free: 000000001C4213E0,
unused: 96
2009/03/16 01:35:18 [debug] 23225#0: *292 accept: 12.6.127.102 fd:20
2009/03/16 01:35:18 [debug] 23225#0: *292 event timer add: 20:
60000:1237196178662
2009/03/16 01:35:18 [debug] 23225#0: *292 epoll add event: fd:20 op:1
ev:80000001
2009/03/16 01:35:18 [debug] 23225#0: *292 post event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 delete posted event
000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C41EDA0:1280
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C4214D0:256
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C437320:8192
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C41F6D0:4096
2009/03/16 01:35:18 [debug] 23225#0: *292 http check ssl handshake
2009/03/16 01:35:18 [debug] 23225#0: *292 https ssl handshake: 0x16
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_do_handshake: -1
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_get_error: 2
2009/03/16 01:35:18 [debug] 23225#0: *292 post event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 delete posted event
000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL handshake handler: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_do_handshake: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_get_error: 1
2009/03/16 01:35:18 [info] 23225#0: *292 SSL_do_handshake() failed
(SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca) while SSL handshaking, client: 129.206.127.102, server:
foo.bar.com
2009/03/16 01:35:18 [debug] 23225#0: *292 http close request
2009/03/16 01:35:18 [debug] 23225#0: *292 http log handler
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41F6D0,
unused: 2322
2009/03/16 01:35:18 [debug] 23225#0: *292 close http connection: 20
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_shutdown: 1
2009/03/16 01:35:18 [debug] 23225#0: *292 event timer del: 20:
1237196178662
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C437320
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41EDA0
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41EC90,
unused: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C4214D0,
unused: 96

this is the ssl config:
ssl on;
ssl_certificate /etc/nginx/certs/foo.bar.com.pem;
ssl_certificate_key /etc/nginx/certs/foo.bar.com.key;

and i’ve tried with this on and off:
ssl_protocols SSLv3 TLSv1;

Any ideas?

Thanks


#2

disregard this. turns out it was a minor issue with that specific
cert. somehow it did not get generated in the right order, and
nobody’s browser but his seemed to be picky about it :slight_smile: