On 06/21/2016 03:59 AM, CJ Ess wrote:
Check that you have both the certificate and any intermediate
certificates in your pem file - you can skip the top-most CA
certificates as those are generally included in your browser's CA
store - but the intermediates are not.
I believe Nginx wants certs ordered from bottom-most (your cert) to
top-most (ca's cert) - it used to be picky about that I haven't
retried the ordering in a long while.
It used to be your site cert at the top of the file. Don't know whether
this is still true, but I always do it!
I recommend using the Qualys site ( https://www.ssllabs.com/ssltest/ )
to check and fine tune your SSL setup. They keep very current on all the
vulns too, which is just sooo helpful.
Steve
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
