I recently had to setup a new Thawte SSL 123 SSL certificate on a clients webserver that was running nginx, but was having problems with the certificate being valid. The problem was when visiting the website, the browser was reporting it as an unknown issuer. After trying a few different methods including trying to use the ssl_client_certificate directive which didn’t work (not sure why), the solution was the following:
- Download your client certificate from thawte
- Download the primary and secondary intermediate CAs (Apache version has both certificates in the one file)
- Combine the 3 certificates into one file, with your certificate first, then the primary and secondary intermediate certificates.
- Add: ssl_verify_depth 3; to your configuration file
- Restart nginx
So in the end, your nginx configuration file should look like the following:
Now your browser should say that the certificate was issues by Thawte DV SSL CA. You can test your SSL has been setup correctly by visiting https://www.wormly.com/test_ssl. This method should also work when setting up any intermediate CAs, but just change the ssl_verify_depth to the number of certificates you are installing.