Setting up Thawte SSL 123 on nginx

I recently had to setup a new Thawte SSL 123 SSL certificate on a clients webserver that was running nginx, but was having problems with the certificate being valid. The problem was when visiting the website, the browser was reporting it as an unknown issuer. After trying a few different methods including trying to use the ssl_client_certificate directive which didn’t work (not sure why), the solution was the following:

  1. Download your client certificate from thawte
  2. Download the primary and secondary intermediate CAs (Apache version has both certificates in the one file)
  3. Combine the 3 certificates into one file, with your certificate first, then the primary and secondary intermediate certificates.
  4. Add: ssl_verify_depth 3; to your configuration file
  5. Restart nginx

So in the end, your nginx configuration file should look like the following:

ssl_certificate         /path/to/certificate.bundle.cert;
ssl_certificate_key     /path/to/private.key;
ssl_verify_depth 3;

Now your browser should say that the certificate was issues by Thawte DV SSL CA. You can test your SSL has been setup correctly by visiting https://www.wormly.com/test_ssl. This method should also work when setting up any intermediate CAs, but just change the ssl_verify_depth to the number of certificates you are installing.

3 thoughts on “Setting up Thawte SSL 123 on nginx”

  1. Hi, I’m sorry to respond to this without it being related, but I can’t find a contact form. I’m wondering what happend to the open cart fork? I was on my way to start using open cart, but after reading your post it seems unwise. I know the issue has been fixed, but it’s rather the attitude the developer has towards security in general that scares me away and I can’t run a professional store without proper security updates.

    You can delete this comment as you see fit.

Leave a Reply