We have a verisign ssl cert and I’ve configured nginx with the .crt
file containing our cert and the verisign intermediate cert (in that
order in the file)
In MacOs safari, both on the desktop and the iphone, I am getting
certificate errors (can’t verify the identity). Firefox on the same
platform says the certificate is ok, and IE in most cases says it is
ok. I have had a couple of reports of IE7 complaining about the
validity of the certificate, but that has been sporadic. I’ve also
checked it with curl (on linux and macos) and it complains as follows:
curl: (60) Peer certificate cannot be authenticated with known CA
Does anyone have any ideas of why this would happen?
My nginx.conf has this for ssl:
ssl on; ssl_certificate /etc/nginx/www.crt; ssl_certificate_key /etc/nginx/prod.key; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!
This problem was not happening on our hardware load balancers with the
same certificate, so I’m at a loss as to what to try next.