Reputation: 1965
NGINX reverse-proxy with SSL certificate gives SEC_ERROR_UNKNOWN_ISSUER error only in Firefox
I've configured an NGINX reverse-proxy with SSL certificate and it works fine in Chrome and IE, but give me an SSL error (SEC_ERROR_UNKNOWN_ISSUER) in Firefox. Why is that?
Upvotes: 1
Views: 1593
Answers (1)
Reputation: 1965
I've just found another answer to a similar problem that explains that this happens if the certificate chain is not fully sent by the server (or in this case the load balancer).
This other answer explains that Chrome looks for this missing chain certificates by itself while Firefox does not. Actually Firefox caches intermediate certificates from earlier connections to other sites, but in my case since I'm mostly using Chrome, Firefox didn't had any cache of these Sectigo (Comodo) root certificates, that's why I was getting the validation error.
When I purchased my PositiveSSL certificate I've received both the "crt" file for my domain but also a "ca-bundle" file which is the certification authority bundle. Both these files should be concatenated (first my certificate, followed by the certificates for the authority chain), and this combined file is what should be configured as ssl_certificate in NGINX.
Upvotes: 1
Related Questions
- getting 400 bad request error when nginx reverse proxy is configured with SSL.
- Encountering "111:Unknown Error" when trying to setup a reverse proxy using SSL for multiple domains
- Reverse proxy cannot load ssl certificates
- Nginx reverse proxy works fine with Safari and Firefox but doesn't work with Chrome
- Nginx reverse proxy error:14077438:SSL SSL_do_handshake() failed
- nginx - reverse proxy certificate authentication
- SSL certificate incorrectly installed on nginx web server (Django web app)
- Another nginx reverse proxy issue
- SSL Handshake problems with nginx reverse proxy
- Nginx(reverse proxy) cant forward SSL certificate of https backend to clients