Welcome! Log In Create A New Profile

Advanced

Re: Does ssl_trusted_certificate actually send certs to client?

March 02, 2015 10:53AM
Hi Maxim,

Just did that and work fine for me! The warning "chain contains anchor" is gone from qualys ssl test page, while OCSP stapling is on, as well as ssl_stapling_verify.

Side note: after applying this patch, I realized my config was actually wrong: the ssl_certificate file was indeed lacking my ssl cert provider intermediate cert and the trust chain verification started to fail. Previously, this error was masked by openssl auto building the trust chain using alphaSSL intermediate found in ssl_trsuted_certificate.

Also, I applied the patch to nginx 1.6.2, which I'm using.

Assuming this needs more testing, hope it can make it into an upcoming release.

Thanks
Subject Author Posted

Does ssl_trusted_certificate actually send certs to client?

Julian Simioni February 12, 2015 05:04AM

Re: Does ssl_trusted_certificate actually send certs to client?

Maxim Dounin February 12, 2015 08:14AM

Re: Does ssl_trusted_certificate actually send certs to client?

shumisha March 01, 2015 07:05AM

Re: Does ssl_trusted_certificate actually send certs to client?

Maxim Dounin March 02, 2015 09:52AM

Re: Does ssl_trusted_certificate actually send certs to client?

shumisha March 02, 2015 10:53AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 89
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready