We currently have a single nginx server running as a backend proxy for 4-5 Apache servers.
My problem is that after installing the SSL certificate I get the following error when testing the SSL connection:
    openssl s_client -connect xxx.xxxxxxxxx.xxx:443 | more
    Verify return code: 21 (unable to verify the first certificate)
The SSL was purchased through RapidSSL. nginx's config is as follows for the SSL proxy:
    server {
        listen 443 ssl;
        server_name _;
        access_log /var/log/nginx/ssl-access.log;
        error_log /var/log/nginx/ssl-error.log;
        ssl on;
        ssl_certificate ssl/wildcard-xxxxxxx.xx.xx.crt;
        ssl_certificate_key ssl/wildcard-xxxxxxx.xx.xx.key;
        keepalive_timeout 60;
        location / {
            proxy_pass https://backend;
        }
    }
I can verify that the backend servers return the SSL connection OK:
    Verify return code: 0 (ok)
If anyone could give me a heads up or a pointer, it would be greatly appreciated.
Thnx,
David
Best Answer
RapidSSL does not sign certificates directly with a recognized Certificate Authority, but uses an intermediate certificate to sign wildcard certificates. The browser / OpenSSL does not have the intermediate certificate in its trust chain, so it cannot validate the SSL cert.
You have to install the intermediate certificate in nginx. Get the intermediate certificate (it should be included in your purchase / customer service instructions) and append it to your certificate.
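The failure and the fix described in this answer can be reproduced offline; the script below is an added example, not part of the original answer. It builds a constructed root, intermediate and wildcard leaf (all names and file paths are made up), then verifies as a client that trusts only the root would, first with the leaf alone and then with the leaf plus appended intermediate.

```shell
#!/bin/sh
# Added example. Constructed CA hierarchy (CN values are made up), not RapidSSL's.

make_chain() {  # $1 = work dir; builds root -> intermediate -> leaf
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    # Root: stands in for the CA root already present in client trust stores.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    # Intermediate: signed by the root, not known to clients in advance.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
    # Leaf (wildcard server certificate): signed by the intermediate.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
    # What the answer describes: server certificate first, intermediate appended.
    cat "$d/leaf.crt" "$d/int.crt" > "$d/bundle.crt"
}

# Verify like a client that trusts only the root and sees only the certificates
# in the file nginx serves ($2). Returns 0 when the chain validates.
verify_as_client() {  # $1 = work dir, $2 = candidate ssl_certificate file
    openssl verify -CAfile "$1/root.crt" -untrusted "$2" "$2" >/dev/null 2>&1
}

# nginx pairs ssl_certificate_key with the FIRST certificate in the file, so
# the server certificate has to come before the intermediate.
key_matches_first_cert() {  # $1 = certificate file, $2 = private key
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

demo() {
    w=$(mktemp -d) && make_chain "$w" || return 1
    for f in leaf.crt bundle.crt; do
        if verify_as_client "$w" "$w/$f"; then r=ok; else r=FAIL; fi
        echo "$f: chain verification $r"
    done
    rm -rf "$w"
}
demo
```

With the real certificate, point `ssl_certificate` at the combined file, reload nginx, and rerun the `openssl s_client` command from the question.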