Welcome! Log In Create A New Profile

Advanced

Re: Firefox says Peer's Certificate has been revoked

Previous Message Next Message
Forum List Message List New Topic Print View
Igor Sysoev
December 20, 2010 04:44PM
On Mon, Dec 20, 2010 at 01:29:08PM -0800, David Newman wrote:

> When attempting https connections to the server mail.cvcbike.org that
> previously ran Apache and now runs nginx with the same certs, Firefox
> browsers return this error:
>
> Peer's Certificate has been revoked.
>
> (Error code: sec_error_revoked_certificate)
>
> Other browsers (IE, Safari, Chrome) work without errors, and this
> previously worked with Apache.
>
> This server uses a GoDaddy bundled cert, and its hostname is one of the
> alt DNS names listed in the GoDaddy cert.
>
> Per this and other postings:
>
> http://marc.info/?l=nginx&m=123281043101966&w=2
>
> I concatenated the server's cert and the godaddy cert:
>
> cat server.crt gd_bundle.crt > mail.cvcbike.org.crt
>
> and use that in the nginx.config:
>
> ssl_certificate /etc/ssl/mail.cvcbike.org.crt;
> ssl_certificate_key /etc/ssl/private/all.key;
>
> But the Firefox error persists across restarts.
>
> I've posted openssl output below for the two certs.
>
> Thanks in advance for clues on fixing the cert error in Firefox.

I'm not sure, but probably the last (#3) GoDaddy certificate in the bundle
may cause the issue. OpenSSL without preloaded certificate base indicates
it as self signed:

>openssl s_client -connect mail.cvcbike.org:443
CONNECTED(00000003)
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/O=mail3.networktest.com/OU=Domain Control Validated/CN=mail3.networktest.com
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
---


--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Firefox says Peer's Certificate has been revoked

David Newman December 20, 2010 04:32PM

Re: Firefox says Peer's Certificate has been revoked

Igor Sysoev December 20, 2010 04:44PM

Re: Firefox says Peer's Certificate has been revoked

David Newman December 20, 2010 06:38PM

Re: Firefox says Peer's Certificate has been revoked

David Newman December 20, 2010 07:04PM

Re: Firefox says Peer's Certificate has been revoked

Cliff Wells December 20, 2010 07:20PM

Re: Firefox says Peer's Certificate has been revoked

David J. December 20, 2010 08:06PM

Re: Firefox says Peer's Certificate has been revoked

Maxim Dounin December 20, 2010 10:44PM

Multiple certs on one server (was: Re: Firefox says Peer's Certificate has been revoked)

David Newman December 22, 2010 12:22AM

Re: Multiple certs on one server

David J. December 31, 2010 07:30AM

Re: Firefox says Peer's Certificate has been revoked

António P. P. Almeida December 20, 2010 08:44PM

Re: Firefox says Peer's Certificate has been revoked

Cliff Wells December 21, 2010 10:50PM

Re: Firefox says Peer's Certificate has been revoked

Maxim Dounin December 20, 2010 07:06PM

Re: Firefox says Peer's Certificate has been revoked

David Newman December 20, 2010 07:06PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 131
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready