Welcome! Log In Create A New Profile

Advanced

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Maxim Dounin
November 09, 2020 04:20PM
Hello!

On Mon, Nov 09, 2020 at 03:48:08PM -0500, meniem wrote:

> Thanks Maxim for your feedback.
>
> Yeah, I believe it's an issue with the intermediate certificates. So, can
> you please let me know how can I obtain this intermediate certificates so
> that I can append it to the certificate itself.
>
> I can't also change this from the upstream server; as we are getting those
> from one of our providers.
>
> Currently I have the Certificate, Key and CA files only.

Likely the CA file contains needed intermediate certificate.
Quick-and-dirty test would be to simply add all the CA file
contents to the proxy_ssl_certificate file, much like when
configuring certificate chains
(http://nginx.org/en/docs/http/configuring_https_servers.html#chains).

For more details, consider looking into the certificate
itself and all certificates in the CA file by using the following
command:

$ openssl x509 -subject -issuer -noout -in /path/to/cert

Results should allow you to build a chain from the certificate to
the self-signed root CA. You'll need first certificates from this
chain, including the certificate itself, to be in the
proxy_ssl_certificate file. Most likely the certificate itself
and the intermediate CA certificate as listed in the certificate
issuer would be enough.

Note that the CA file likely contains more than one certificate,
while openssl only shows information about the first certificate
in a file. You'll have to save each of them to a separate file
for openssl to be able to see them.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

meniem November 05, 2020 05:18PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Sergey Kandaurov November 05, 2020 07:58PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

meniem November 06, 2020 04:35AM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Maxim Dounin November 09, 2020 02:14PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

meniem November 09, 2020 03:48PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Thomas Ward November 09, 2020 04:10PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Maxim Dounin November 09, 2020 04:20PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 81
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready