Welcome! Log In Create A New Profile

Re: Does ssl_trusted_certificate actually send certs to client?

Forum List Message List New Topic Print View

shumisha

March 02, 2015 10:53AM

Registered: 11 years ago
Posts: 4

Hi Maxim,

Just did that and work fine for me! The warning "chain contains anchor" is gone from qualys ssl test page, while OCSP stapling is on, as well as ssl_stapling_verify.

Side note: after applying this patch, I realized my config was actually wrong: the ssl_certificate file was indeed lacking my ssl cert provider intermediate cert and the trust chain verification started to fail. Previously, this error was masked by openssl auto building the trust chain using alphaSSL intermediate found in ssl_trsuted_certificate.

Also, I applied the patch to nginx 1.6.2, which I'm using.

Assuming this needs more testing, hope it can make it into an upcoming release.

Thanks

Reply Quote

RSS

Subject	Author	Posted
Does ssl_trusted_certificate actually send certs to client?	Julian Simioni	February 12, 2015 05:04AM
Re: Does ssl_trusted_certificate actually send certs to client?	Maxim Dounin	February 12, 2015 08:14AM
Re: Does ssl_trusted_certificate actually send certs to client?	shumisha	March 01, 2015 07:05AM
Re: Does ssl_trusted_certificate actually send certs to client?	Maxim Dounin	March 02, 2015 09:52AM
Re: Does ssl_trusted_certificate actually send certs to client?	shumisha	March 02, 2015 10:53AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 240

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018