Ngninx 1.1.19, SSL certificates, Chaining and custom CA
June 30, 2014 11:41AM
Hello everyone,

I am using nginx 1.1.19 with HTTPS on a debian machine and I'd like to use a chain of certificates.
I cannot upgrade nginx to the current stable release ( problably that's my real problem... ) and I'd like also to build my own CA root.

I created all the certificates, installed them on the debian machine; checked them with "openssl verify" with success.

I followed the instructions from these sites:
http://nginx.org/en/docs/http/configuring_https_servers.html
http://www.digicert.com/ssl-certificate-installation-nginx.htm

But every time I try to use HTTPS from a client nginx explode with the following error:
"SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate) while SSL handshaking, client: 192.168.0.78, server: localhost"

The problem disappears If I just use a single self-signed certificate.
It seems on v1.1.19 I am not allowed to use a custom CA even if it's correctly configured on openSSL.

Any advice or Hint ?
Re: Ngninx 1.1.19, SSL certificates, Chaining and custom CA
July 01, 2014 05:03AM
Took me a while but, in the end, I discovered the problem.

Simply I wasn't changing the certificate serial number when I was signing them.
"Bad Certificate" error is a little too generic to understand such things ;)
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 260
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready