Verisign ssl certificate issue

We recently switched from GoDaddy SSL certificate to Verisign’s.
Installation on Nginx went well.

Some users and browsers are reporting that the “certificate was signed
by an
unknown authority”.

You can try this by going to https://www.spellingcity.com.

It doesn’t seem that we had this issue with the GoDaddy certificate…
is
there anything else I need to do with Nginx SSL configuration to make
this
issue “go away” or is this strictly a Verisign issue (I am contacting
them
as well).

Thanks

On Wed, Sep 02, 2009 at 11:59:28PM -0400, Ilan B. wrote:

We recently switched from GoDaddy SSL certificate to Verisign’s.
Installation on Nginx went well.

Some users and browsers are reporting that the “certificate was signed by an
unknown authority”.

What browsers ?

You can try this by going to https://www.spellingcity.com.

It doesn’t seem that we had this issue with the GoDaddy certificate… is
there anything else I need to do with Nginx SSL configuration to make this
issue “go away” or is this strictly a Verisign issue (I am contacting them
as well).

Currently you have this cert chain:

openssl s_client -connect www.spellingcity.com:443


Certificate chain
0 s:/C=US/ST=Florida/L=Fort Lauderdale/O=SpellingCity.com,
Inc./OU=Terms of use at www.verisign.com/rpa
(c)05/CN=www.spellingcity.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA

  • G2
    1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
    https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA
  • G2
    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
    Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
    only/OU=VeriSign Trust Network

Thanks Igor, problem solved, turns out I needed to add the Verisign
intermediate key.

2009/9/3 Igor S. [email protected]

I believe that’s correct.

On Thu, Sep 03, 2009 at 01:36:39AM -0400, Ilan B. wrote:

Thanks Igor, problem solved, turns out I needed to add the Verisign
intermediate key.

So before you chain was just:

0 s:/C=US/ST=Florida/L=Fort Lauderdale/O=SpellingCity.com, Inc./OU=Terms
of use at www.verisign.com/rpa (c)05/CN=www.spellingcity.com
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server
CA - G2

?