We've been using a GeoTrust SSL certificate, for some time now, and I just got a call that Internet Explorer warns its users that our certificate is not trusted. I really have no clue what's going on.
We're using nginx 1.0.5, I've installed the certificate along with the GeoTrust intermediary and it works absolutely fine in Firefox, Safari and Google Chrome, etc.
Additionally a digicert SSL check tells me everything is okay. However, Internet Explorer 8 and another SSL checker both tell me, that:
- It's not trusted (self-signed)
- The domain name doesn't match.
What is going on?
A few details on our setup:
We're running a Rails app with nginx + unicorn (as rack server), nginx as reverse proxy to unicorn, and serving static assets.
We have basically three virtual hosts:
- production – containing of a http and a https virtual host
- staging – exact copy of production, but on another subdomain, and different SSL cert (self-signed)
- a 'rewrite' virtual host – one which rewrites all of our domains to 'www.kayoom.com'
Best Answer
As I understand you have set up both sites to use SSL on the same IP:port?
In general only 1 certificate can be bound to IP:port pair unless server is capable of Server Name Indication (nginx is) and configured to support it (Internet Explorer supports it from v7 I believe).
Try configuring it: http://nginx.org/en/docs/http/configuring_https_servers.html#sni ... or bind subdomain to a different IP:port pair (i.e. same IP but different port (e.g. 45454) or different IP).