7 messages in ru.sysoev.nginx: Re: Verisign Intermediate CA issues
From, Sent On:
James Ochs, Jan 23, 2009 1:02 pm
Gabriel Ramuglia, Jan 23, 2009 1:36 pm
James Ochs, Jan 23, 2009 2:31 pm
Igor Sysoev, Jan 24, 2009 7:04 am
Igor Sysoev, Jan 24, 2009 7:10 am
Gabriel Ramuglia, Jan 24, 2009 10:04 am
James Ochs, Jan 24, 2009 10:33 am
Subject: Re: Verisign Intermediate CA issues
From: James Ochs (jame@greennote.com)
Date: Jan 23, 2009 2:31:46 pm
List: ru.sysoev.nginx

Yep, I get the same error in Safari on Mac OS and on the iPhone with the link you gave below. Firefox is happy.

If I add the intermediate certs to my keychain it stops complaining, but that's not really a good solution for end users.

Thanks, james

On Jan 23, 2009, at 1:36 PM, Gabriel Ramuglia wrote:

Here's what I have:

ssl on;
ssl_certificate /home/video/certs/video.freeproxies.org.crt;
ssl_certificate_key /home/video/certs/video.freeproxies.org.key;

ssl_session_timeout 5m;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

I haven't noticed any particular issues, but haven't tested in safari. Would be interested to know if you get the same issue with mine (seems my config is slightly different).

https://video.freeproxies.org/flvplayer.php is a good test url.

On Fri, Jan 23, 2009 at 1:02 PM, James Ochs <jame@greennote.com> wrote:

Hi all,

We have a VeriSign SSL cert and I've configured nginx with the .crt file containing our cert and the VeriSign intermediate cert (in that order in the file).

In Mac OS Safari, both on the desktop and the iPhone, I am getting certificate errors (can't verify the identity). Firefox on the same platform says the certificate is ok, and IE in most cases says it is ok. I have had a couple of reports of IE7 complaining about the validity of the certificate, but that has been sporadic. I've also checked it with curl (on Linux and Mac OS) and it complains as follows:

curl https://www.greennote.com
curl: (60) Peer certificate cannot be authenticated with known CA certificates

Does anyone have any ideas of why this would happen?

My nginx.conf has this for ssl:

ssl on;
ssl_certificate /etc/nginx/www.crt;
ssl_certificate_key /etc/nginx/prod.key;

ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;

ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP;
ssl_prefer_server_ciphers on;

This problem was not happening on our hardware load balancers with the same certificate, so I'm at a loss as to what to try next.
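
An added example, not part of the original thread: a shell function that checks whether a PEM bundle of the kind given to ssl_certificate really lists the server certificate first and then each issuer in turn, which is the layout the original post describes. It assumes the openssl command-line tool is installed; the name check_bundle is made up for this example.

```shell
#!/bin/sh
# check_bundle FILE
# Splits a PEM bundle into its certificates and checks name chaining:
# the subject of certificate N must equal the issuer of certificate N-1.
# This compares names only; it does not verify signatures or trust.
# Returns 0 if the order is consistent, 1 on a mismatch, 2 if no
# certificate could be read.
check_bundle() {
    bundle=$1
    tmp=$(mktemp -d) || return 2

    # Write each BEGIN/END CERTIFICATE block to its own numbered file.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"

    status=0; prev_issuer=""; i=0
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || { echo "no certificates found in $bundle"; status=2; break; }
        i=$((i + 1))
        # Older and newer openssl builds differ in spacing after "subject=".
        subject=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        echo "cert $i subject: $subject"
        echo "cert $i issuer:  $issuer"
        if [ "$i" -gt 1 ] && [ "$subject" != "$prev_issuer" ]; then
            echo "cert $i is not the issuer of cert $((i - 1)): wrong order or missing intermediate"
            status=1
        fi
        prev_issuer=$issuer
    done

    rm -rf "$tmp"
    return $status
}
```

Run it as `check_bundle /etc/nginx/www.crt`; a consistent bundle still needs its last issuer to be one the client trusts.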