nginx

Home

Table of Contents

$ figlet nginx 

             _
 _ __   __ _(_)_ __ __  __
| '_ \ / _` | | '_ \\ \/ /
| | | | (_| | | | | |>  <
|_| |_|\__, |_|_| |_/_/\_\
       |___/

1 Nginx chained certificates

http://nginx.org/en/docs/http/configuring_https_servers.html

SSL certificate chains

Some browsers may complain about a certificate signed by a well-known certificate authority, while other browsers may accept the certificate without issues. This occurs because the issuing authority has signed the server certificate using an intermediate certificate that is not present in the certificate base of well-known trusted certificate authorities which is distributed with a particular browser. In this case the authority provides a bundle of chained certificates which should be concatenated to the signed server certificate. The server certificate must appear before the chained certificates in the combined file: 

$ cat www.example.com.crt bundle.crt > www.example.com.chained.crt

The resulting file should be used in the sslcertificate directive: 

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.chained.crt;
    ssl_certificate_key www.example.com.key;
    ...
}

Author: root

Created: 2019-05-23 Thu 20:00

Emacs 25.2.2 (Org mode 8.2.10)

Validate