Verisign ssl certificate issue

iberci · September 3, 2009, 6:05am

We recently switched from GoDaddy SSL certificate to Verisign’s.
Installation on Nginx went well.

Some users and browsers are reporting that the “certificate was signed
by an
unknown authority”.

You can try this by going to https://www.spellingcity.com.

It doesn’t seem that we had this issue with the GoDaddy certificate…
is
there anything else I need to do with Nginx SSL configuration to make
this
issue “go away” or is this strictly a Verisign issue (I am contacting
them
as well).

Thanks

iberci · September 3, 2009, 7:38am

On Wed, Sep 02, 2009 at 11:59:28PM -0400, Ilan B. wrote:

We recently switched from GoDaddy SSL certificate to Verisign’s.
Installation on Nginx went well.

Some users and browsers are reporting that the “certificate was signed by an
unknown authority”.

What browsers ?

You can try this by going to https://www.spellingcity.com.

It doesn’t seem that we had this issue with the GoDaddy certificate… is
there anything else I need to do with Nginx SSL configuration to make this
issue “go away” or is this strictly a Verisign issue (I am contacting them
as well).

Currently you have this cert chain:

openssl s_client -connect www.spellingcity.com:443

Certificate chain
0 s:/C=US/ST=Florida/L=Fort Lauderdale/O=SpellingCity.com,
Inc./OU=Terms of use at www.verisign.com/rpa
(c)05/CN=www.spellingcity.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA

G2
1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA
G2
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
only/OU=VeriSign Trust Network

iberci · September 3, 2009, 7:42am

Thanks Igor, problem solved, turns out I needed to add the Verisign
intermediate key.

2009/9/3 Igor S. [email protected]

iberci · September 3, 2009, 1:24pm

I believe that’s correct.

iberci · September 3, 2009, 8:18am

On Thu, Sep 03, 2009 at 01:36:39AM -0400, Ilan B. wrote:

Thanks Igor, problem solved, turns out I needed to add the Verisign
intermediate key.

So before you chain was just:

0 s:/C=US/ST=Florida/L=Fort Lauderdale/O=SpellingCity.com, Inc./OU=Terms
of use at www.verisign.com/rpa (c)05/CN=www.spellingcity.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server
CA - G2

?