Forum: NGINX SSL cert issue

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2009-03-16 10:47
(Received via mailing list)
I have no issues on my end - I've tried all the major browsers in
Windows and I see our chained certificate properly tied to the major
CA.

However, I have a user who is reporting an issue, and this is the debug
log:

2009/03/16 01:35:14 [debug] 23225#0: *287 free: 000000001C4213E0,
unused: 96
2009/03/16 01:35:18 [debug] 23225#0: *292 accept: 12.6.127.102 fd:20
2009/03/16 01:35:18 [debug] 23225#0: *292 event timer add: 20:
60000:1237196178662
2009/03/16 01:35:18 [debug] 23225#0: *292 epoll add event: fd:20 op:1
ev:80000001
2009/03/16 01:35:18 [debug] 23225#0: *292 post event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 delete posted event
000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C41EDA0:1280
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C4214D0:256
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C437320:8192
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C41F6D0:4096
2009/03/16 01:35:18 [debug] 23225#0: *292 http check ssl handshake
2009/03/16 01:35:18 [debug] 23225#0: *292 https ssl handshake: 0x16
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_do_handshake: -1
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_get_error: 2
2009/03/16 01:35:18 [debug] 23225#0: *292 post event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 delete posted event
000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL handshake handler: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_do_handshake: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_get_error: 1
2009/03/16 01:35:18 [info] 23225#0: *292 SSL_do_handshake() failed
(SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca) while SSL handshaking, client: 129.206.127.102, server:
foo.bar.com
2009/03/16 01:35:18 [debug] 23225#0: *292 http close request
2009/03/16 01:35:18 [debug] 23225#0: *292 http log handler
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41F6D0,
unused: 2322
2009/03/16 01:35:18 [debug] 23225#0: *292 close http connection: 20
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_shutdown: 1
2009/03/16 01:35:18 [debug] 23225#0: *292 event timer del: 20:
1237196178662
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C437320
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41EDA0
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41EC90,
unused: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C4214D0,
unused: 96

this is the ssl config:
                ssl on;
                ssl_certificate /etc/nginx/certs/foo.bar.com.pem;
                ssl_certificate_key /etc/nginx/certs/foo.bar.com.key;

and i've tried with this on and off:
               ssl_protocols SSLv3 TLSv1;

Any ideas?

Thanks
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2009-03-16 10:57
(Received via mailing list)
disregard this. turns out it was a minor issue with that specific
cert. somehow it did not get generated in the right order, and
nobody's browser but his seemed to be picky about it :)
This topic is locked and can not be replied to.