1
votes

I'm experiencing some issues with my SSL setup on a client application. The application is served from Nginx on an AWS EC2 instance. I have an AWS load balancer in front of this server. My SSL cert is installed on the Load Balancer and all traffic is routed to Nginx on the relevant port.

If I navigate to one of the webpages served by Nginx I get an SSL Certificate error in my browser.

If I run the following OpenSSL command I get an error...

openssl s_client -debug -connect example.com:443

Verify return code: 21 (unable to verify the first certificate)

And if I check the domain on Digicert I get...

SSL Certificate is not trusted

I use the same type of setup for other projects (SSL on LB) and it works fine. It's only my Nginx instance that is giving me trouble. Is there some configuration I could be missing with Nginx?

Thanks!

1
Are you missing some intermediate certificates perhaps? - Richard Smith
Hi, this is where my knowledge of SSL starts to get a bit blurry. I'm aware of intermediate certificates but where should they go? On the LB or is this something specific to nginx? Thanks! - fatlog

1 Answer

1
votes

The certificate authority provides you with a signed certificate and (zero or more) intermediate certificates. You will need to check with whoever signed your certificate as to which (if any) intermediate certificates need to be bundled with your signed certificate.

In the nginx configuration file, the ssl_certificate directive specifies the file containing your signed certificate and any intermediate certificates concatenated together, with the signed certificate appearing first. This is a text file and should contain one or more sections between line markers:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

See this document for more.