Nginx, Apache, SSL and signed by an unknown certifying authority
Posted by Nitai | Posted in linux, open source | Posted on 17-01-2010
4
We just moved a whole bunch of servers to a new hosting center and moved from CentOS to Ubuntu (server) and Apache to Nginx (more on this in a later blog post).
While we migrated mostly everything without problems we were confronted with the problem that our SSL certificate gave us an error message of the form:
“The certificate for this website was signed by an unknown certifying authority”
This was rather strange because the same certificate worked with Apache just fine. After some time and searching for a solution we found that we had to tell Nginx to use the SSL Chain file as well. The only problem is that Nginx does not have a explicit parameter like Apache has. In Apache the SSL config looks like this (we use a GoDaddy certificate):
SSLEngine On SSLCertificateFile /etc/httpd/ssl/youcert.crt SSLCertificateKeyFile /etc/httpd/ssl/yourkey.key SSLCertificateChainFile /etc/httpd/ssl/gd_bundle.crt
Now, in order to get this working in Nginx you need to append the “gd_bundle.crt” to your crt file, which is quite simple with the following commands (do a backup of any files before doing this!):
cat gd_bundle.crt >> yourcert.crt
Then simply restart Ngnix and all is back to normal (but just really faster with Nginx then with anything else:-) ).
[...] TheNitai » Blog Archive » Nginx, Apache, SSL and signed by an … [...]
Thanks for this. I was fed up of searching GoDaddy's truly awful labyrinth of a website for instructions.
Great that it helped. I'll never understand why organizations make it so difficult to find informations. There are enough tools out there to deliver precise and structured help to customers.
Just started playing with nginx this weekend. Very nice so far and I've spent sometime putting it through paces. So simple and so much power.
digicert setup in nginx – cool to see this level of details on a site:
http://www.digicert.com/ssl-certificate-installat...