quarks
Reputation: 35326
SSL Certificate Not Trusted - Intermediate Certificate
When I check my website through Digicert, it says that SSL Certificate is not trusted
Here's the NGINX configuration
server {
listen 80;
listen 443 default_server ssl;
server_name ~. "";
location / {
proxy_pass http://localhost:8080;
}
# Wildcard certificate
ssl_certificate /etc/ssl/certs/STAR_mydomain_com-bundle.crt;
ssl_certificate_key /etc/ssl/private/STAR_mydomain_com.key;
}
The STAR_mydomain_com-bundle.crt and STAR_mydomain_com.key are the only two files emailed by Comodo when I registered the SSL. So I'm not sure which file is missing in the chain.
Upvotes: 2
Views: 5283
Answers (1)
quarks
Reputation: 35326
So when you register for an SSL from Comodo (e.g. via Namecheap) you get two files (in zip format):
e.g.
- STAR_mydomain_com.crt
- STAR_mydomain_com.ca-bundle
Combine the two files based on the instruction here.
So it would be
cat STAR_mydomain_com.crt STAR_mydomain_com.ca-bundle > STAR_mydomain_com-bundle.crt
To install this certificate into NGINX first do:
cat STAR_mydomain_com-bundle.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAddTrustCA.crt > tls.crt
The certificate combined here can be then used with NGINX and is valid without issues.
Upvotes: 2
Related Questions
- SSL, Connection is not secure
- Nginx not serving intermediate certificate
- NGINX - Unable to verify the first certificate
- Nginx install intermediate certificate
- SSL Certificate on NGINX fails to load
- NGinx SSL certificate authentication signed by intermediate CA (chain)
- SSL Certificate not trusted
- nginx and ssl certificate
- Nginx SSL certificate
- Certificate signed by Intermediate shows as self-signed certificate