Nginx doesn't send certificate chain

nginx https ssl tls

Solution 1:

You have the following certificates in your list (in that order):

 #L Subject: ... CN=tiendaganadera.com
    Issuer:  ... CN=COMODO RSA Domain Validation Secure Server CA

 #A Subject: ... CN=COMODO RSA Certification Authority
    Issuer:  ... CN=AddTrust External CA Root

 #B Subject: ... CN=COMODO RSA Domain Validation Secure Server CA
    Issuer:  ... CN=COMODO RSA Certification Authority

 #R Subject: ... CN=AddTrust External CA Root
    Issuer:  ... CN=AddTrust External CA Root

Obviously, the order does not match. The first certificate #L is correctly the leaf certificate. But the following certificate #A does not sign #L as you can see from the fact that the subject of #A does not match the issuer of #L. Instead #B signs #L and #A signs #B and #R signs #A. #R then is the root certificate which should not be included at all.

To fix:

  • leaf #L as the first
  • move #B up so that it is directly after #L
  • move #A down so that it is directly after #B
  • remove #R because the root certificate should not be included (will be usually ignored if included but it is bad style).

Related

How to schedule a task to run when the windows server is reboot or shutdown?
Execute Powershell Add-Computer remotely via Invoke-Command
ec2 instance showing garbled name root ebs duplicate
Amazon EC2: OpenVPN server won't route bridged packets from client to VPC subnet
nginx Access Control Origin Header is configured but doesn't work
Completely getting rid of SSLv3 on Apache
Checking puppet-generated exim config before deploying
Grouping nodes in puppet
Can I use TLSv1.0 for one client IP, TLS v1.2 for everyone else
Where do md array definitions come from?
Multiple wildcard certificates for same common name on different servers
Why is the cron ENV different from the user's ENV?