Hello everyone,

I've run into an issue I have no idea how to get around, currently we use a self signed certificate, generated with openssl, with which we sign our web server certificates and client certificates. We use the certificates for client authentication and our servers are IIS 6. This has worked well for the past few years, but now, I'm trying to setup Nginx to act as a reverse proxy to load balance our servers.

With that out of the way, the problem seams to be that the ca cert was generated with authorityKeyIdentifier = keyid,issuer, instead of just keyid and nginx can't verify the ca certificate correctly. I have tried by all means to try and recreate the ca cert, as I've kept the original rsa key for the ca, to no avail.

Is there any work around I can use, or will I have to create a new ca certificate and re emit all client/server certificates?

Hope this makes sense to someone.