On 06/21/2016 03:59 AM, CJ Ess wrote:
> Check that you have both the certificate and any intermediate
> certificates in your pem file - you can skip the top-most CA
> certificates as those are generally included in your browser's CA
> store - but the intermediates are not.
>
> I believe Nginx wants certs ordered from bottom-most (your cert) to
> top-most (ca's cert) - it used to be picky about that I haven't
> retried the ordering in a long while.
>
>
It used to be your site cert at the top of the file. Don't know whether
this is still true, but I always do it!

I recommend using the Qualys site ( https://www.ssllabs.com/ssltest/ )
to check and fine tune your SSL setup. They keep very current on all the
vulns too, which is just sooo helpful.

Steve

--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx