Hello!

On Mon, Nov 09, 2020 at 03:48:08PM -0500, meniem wrote:

> Thanks Maxim for your feedback.
>
> Yeah, I believe it's an issue with the intermediate certificates. So, can
> you please let me know how can I obtain this intermediate certificates so
> that I can append it to the certificate itself.
>
> I can't also change this from the upstream server; as we are getting those
> from one of our providers.
>
> Currently I have the Certificate, Key and CA files only.

Likely the CA file contains needed intermediate certificate.
Quick-and-dirty test would be to simply add all the CA file
contents to the proxy_ssl_certificate file, much like when
configuring certificate chains
(http://nginx.org/en/docs/http/configuring_https_servers.html#chains).

For more details, consider looking into the certificate itself and
all certificates in the CA file by using the following command:

    $ openssl x509 -subject -issuer -noout -in /path/to/cert

Results should allow you to build a chain from the certificate to
the self-signed root CA. You'll need first certificates from this
chain, including the certificate itself, to be in the
proxy_ssl_certificate file. Most likely the certificate itself
and the intermediate CA certificate as listed in the certificate
issuer would be enough.

Note that the CA file likely contains more than one certificate,
while openssl only shows information about the first certificate
in a file. You'll have to save each of them to a separate file
for openssl to be able to see them.

-- 
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
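
The procedure described in the message above, as an added shell example that is not part of the original post: it saves each certificate in the CA file to its own file so openssl can read it, then follows issuer to subject starting at the certificate and writes the certificate plus its intermediates to the file meant for proxy_ssl_certificate. Function names and file paths are hypothetical, and certificates are matched by name only, so no signatures are checked.

```sh
#!/bin/sh
# Added example; function names and file paths are hypothetical.

# split_pem BUNDLE OUTDIR
# Save every certificate in BUNDLE to OUTDIR/cert-NN.pem and print the count.
split_pem() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n); on = 1 }
        on { print > out }
        /-----END CERTIFICATE-----/ { on = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# cert_field FILE subject|issuer
# Print one name from the certificate with openssl x509, as in the message.
cert_field() {
    openssl x509 -noout "-$2" -nameopt RFC2253 -in "$1" | sed "s/^$2= *//"
}

# build_chain CERT BUNDLE OUT
# Write CERT followed by its intermediate CA certificates to OUT.
build_chain() {
    tmp=$(mktemp -d) || return 1
    split_pem "$2" "$tmp" >/dev/null
    cat "$1" > "$3"
    want=$(cert_field "$1" issuer)
    depth=0
    while [ "$depth" -lt 10 ]; do          # guard against issuer loops
        found=
        for f in "$tmp"/cert-*.pem; do
            [ -e "$f" ] || continue
            if [ "$(cert_field "$f" subject)" = "$want" ]; then found=$f; break; fi
        done
        [ -n "$found" ] || break           # issuer is not in the CA file
        next=$(cert_field "$found" issuer)
        [ "$next" = "$want" ] && break     # self-signed root, left out
        cat "$found" >> "$3"
        want=$next
        depth=$((depth + 1))
    done
    rm -rf "$tmp"
}

# Usage: sh build-chain.sh cert.pem ca.pem chain.pem
if [ "$#" -eq 3 ]; then build_chain "$@"; fi
```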