I am trying to configure nginx 1.4.1 (using OpenSSL 1.0.1e) with a PEM
encoded certificate file that contains the whole chain, 3 including Root
CA. But I can not get it to work. I have followed documentation at Configuring HTTPS servers and http://www.startssl.com/?app=42, but no matter what I do it seems I can
not get nginx to deliver more than one certificate. I have used both http://portecle.sourceforge.net and SSL Server Test (Powered by Qualys SSL Labs) to
verify. Other services (e.g. dovecot IMAP server) on the same host using
same version of OpenSSL and same intermediate certificate and Root CA
works works fine. How can I troubleshoot what is going wrong with nginx?
I note that you’re using startcom for the certificate, I recall that the
intermediate certificate they say to use isn’t actually the one provided
and had to complete the certificate chain myself.
To build up my pem I started with the crt and key, then running “openssl
x509 -in cert.pem -noout -text” I was then able to download the correct
intermediate using the “CA Issuers - URI” provided in the certificate.
Appending this to the pem and retesting. Repeating the process for each
certificate until it became valid.