Hi, I'm new to the list and I hope you can give some light into the following:
I have a site (Rails app) that I'm trying to setup with SSL and SSL Client Certificate (using nginx). I bought a wildcard one-domain certificate at GoDaddy in order to support multiple subdomains to my site: **.mysite.com* I downloaded the cert file and the bundle file; combined them into one single cert and setup my nginx SSL directives to use it as suggested here [1]. So now I have something like this: ... ssl_certificate /var/www/rails/mysite/ssl/mysite.com.combined.crt; ssl_certificate_key /var/www/rails/mysite/ssl/mysite.com.key; ... Then I try to verify my setup using the openssl command line tool and I got this: $ openssl s_client -connect mysite.com:443 -showcerts CONNECTED(00000003) depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN= http://www.valicert.com//[email protected] verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/O=*.mysite.com/OU=Domain Control Validated/CN=*.mysite.com i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU= http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 -----BEGIN CERTIFICATE----- MIIFVzCCBD+gAwIBAgIHTyWPQS3tOjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE .....more....... mz61HEG2Bn/pe4dsaHFPgY3KjlDe+KaH/HuD -----END CERTIFICATE----- 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU= http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority -----BEGIN CERTIFICATE----- MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx .....more....... qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV U+4= -----END CERTIFICATE----- 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN= http://www.valicert.com//[email protected] -----BEGIN CERTIFICATE----- MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh .....more....... SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw== -----END CERTIFICATE----- 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN= http://www.valicert.com//[email protected] i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN= http://www.valicert.com//[email protected] -----BEGIN CERTIFICATE----- MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 .....more....... W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd -----END CERTIFICATE----- --- Server certificate subject=/O=*.mysite.com/OU=Domain Control Validated/CN=*.mysite.com issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU= http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 --- No client certificate CA names sent --- SSL handshake has read 5355 bytes and written 319 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: BBC2FD59A062A4FC48C1384842895C3BCA559F37E23F4890AD518D2EA32FB54F Session-ID-ctx: Master-Key: 9B51A344FB76A9606E69179849A40B0E23CD897094D5A4BFD8C31752E64181F481930348B785754234BB93C6822293F7 Key-Arg : None Start Time: 1286841464 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- How can I solve this issue?? Any hints? Thanks, [1] http://nginx.groups.wuyasea.com/articles/how-to-setup-godaddy-ssl-certificate-on-nginx/2 -- Ariel Diaz Bermejo http://www.linkedin.com/in/adiazbermejo
