Nginx, Apache, SSL and signed by an unknown certifying authority
While we migrated mostly everything without problems we were confronted with the problem that our SSL certificate gave us an error message of the form:
“The certificate for this website was signed by an unknown certifying authority”
This was rather strange because the same certificate worked with Apache just fine. After some time and searching for a solution we found that we had to tell Nginx to use the SSL Chain file as well. The only problem is that Nginx does not have a explicit parameter like Apache has. In Apache the SSL config looks like this (we use a GoDaddy certificate):
SSLEngine On SSLCertificateFile /etc/httpd/ssl/youcert.crt SSLCertificateKeyFile /etc/httpd/ssl/yourkey.key SSLCertificateChainFile /etc/httpd/ssl/gd_bundle.crt
Now, in order to get this working in Nginx you need to append the “gd_bundle.crt” to your crt file, which is quite simple with the following commands (do a backup of any files before doing this!):
cat gd_bundle.crt >> yourcert.crt
Then simply restart Ngnix and all is back to normal (but just really faster with Nginx then with anything else:-) ).