Hi all,

We have a verisign ssl cert and I've configured nginx with the .crt file containing our cert and the verisign intermediate cert (in that order in the file)

In MacOs safari, both on the desktop and the iphone, I am getting certificate errors (can't verify the identity). Firefox on the same platform says the certificate is ok, and IE in most cases says it is ok. I have had a couple of reports of IE7 complaining about the validity of the certificate, but that has been sporadic. I've also checked it with curl (on linux and macos) and it complains as follows:

curl https://www.greennote.com curl: (60) Peer certificate cannot be authenticated with known CA certificates

Does anyone have any ideas of why this would happen?

My nginx.conf has this for ssl:

ssl on; ssl_certificate /etc/nginx/www.crt; ssl_certificate_key /etc/nginx/prod.key;

ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m;

ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:! LOW:!SSLv2:+EXP; ssl_prefer_server_ciphers on;

This problem was not happening on our hardware load balancers with the same certificate, so I'm at a loss as to what to try next.

thanks, james