SSL cert issue

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL cert issue

Michael Shadle
I have no issues on my end - I've tried all the major browsers in
Windows and I see our chained certificate properly tied to the major
CA.

However, I have a user who is reporting an issue, and this is the debug log:

2009/03/16 01:35:14 [debug] 23225#0: *287 free: 000000001C4213E0, unused: 96
2009/03/16 01:35:18 [debug] 23225#0: *292 accept: 12.6.127.102 fd:20
2009/03/16 01:35:18 [debug] 23225#0: *292 event timer add: 20:
60000:1237196178662
2009/03/16 01:35:18 [debug] 23225#0: *292 epoll add event: fd:20 op:1
ev:80000001
2009/03/16 01:35:18 [debug] 23225#0: *292 post event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 delete posted event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C41EDA0:1280
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C4214D0:256
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C437320:8192
2009/03/16 01:35:18 [debug] 23225#0: *292 malloc: 000000001C41F6D0:4096
2009/03/16 01:35:18 [debug] 23225#0: *292 http check ssl handshake
2009/03/16 01:35:18 [debug] 23225#0: *292 https ssl handshake: 0x16
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_do_handshake: -1
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_get_error: 2
2009/03/16 01:35:18 [debug] 23225#0: *292 post event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 delete posted event 000000001C3BC738
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL handshake handler: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_do_handshake: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_get_error: 1
2009/03/16 01:35:18 [info] 23225#0: *292 SSL_do_handshake() failed
(SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca) while SSL handshaking, client: 129.206.127.102, server:
foo.bar.com
2009/03/16 01:35:18 [debug] 23225#0: *292 http close request
2009/03/16 01:35:18 [debug] 23225#0: *292 http log handler
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41F6D0, unused: 2322
2009/03/16 01:35:18 [debug] 23225#0: *292 close http connection: 20
2009/03/16 01:35:18 [debug] 23225#0: *292 SSL_shutdown: 1
2009/03/16 01:35:18 [debug] 23225#0: *292 event timer del: 20: 1237196178662
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C437320
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41EDA0
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C41EC90, unused: 0
2009/03/16 01:35:18 [debug] 23225#0: *292 free: 000000001C4214D0, unused: 96

this is the ssl config:
                ssl on;
                ssl_certificate /etc/nginx/certs/foo.bar.com.pem;
                ssl_certificate_key /etc/nginx/certs/foo.bar.com.key;

and i've tried with this on and off:
               ssl_protocols SSLv3 TLSv1;

Any ideas?

Thanks

Reply | Threaded
Open this post in threaded view
|

Re: SSL cert issue

Michael Shadle
disregard this. turns out it was a minor issue with that specific
cert. somehow it did not get generated in the right order, and
nobody's browser but his seemed to be picky about it :)

On Mon, Mar 16, 2009 at 2:37 AM, mike <[hidden email]> wrote:
> I have no issues on my end - I've tried all the major browsers in
> Windows and I see our chained certificate properly tied to the major
> CA.
>