PositiveSSL certificate keeps giving the untrusted issuer warnings in

I
  • 4 Sep '11
Since I'm working on a Facebook app, the self-signed certificate I 
created for SSL access to my admin area is no longer useful.

I grabbed a PositiveSSL cert from Comodo, but after following the 
instructions here ( http://kbeezie.com/view/free-ssl-with-nginx/2/ ) but 
still get the untrusted or self-signed warnings.

This page 
(http://www.digicert.com/ssl-certificate-installation-nginx.htm) seems 
to suggest I have to concatenate several crt files together.

This is what Comodo sent me:

AddTrustExternalCARoot.crt
PositiveSSLCA.crt
UTNAddTrustServerCA.crt and
www_example_com.crt

Do I need to concatenate all of these?

Also, just curious why do some example sites I've seen say Ngix needs a 
pem file and others say a crt?

Thanks!
I
  • 5 Sep '11
On 04/09/2011 7:46 PM, Ian Evans wrote:
> Since I'm working on a Facebook app, the self-signed certificate I
> created for SSL access to my admin area is no longer useful.
>
> I grabbed a PositiveSSL cert from Comodo, but after following the
> instructions here ( http://kbeezie.com/view/free-ssl-with-nginx/2/ ) but
> still get the untrusted or self-signed warnings.

Upon further testing I see that it's still using the old cert despite 
issuing a kill -HUP.

How do I get nginx to start using the new cert?
I
  • 5 Sep '11
On 04/09/2011 8:04 PM, Ian Evans wrote:
> Upon further testing I see that it's still using the old cert despite
> issuing a kill -HUP.

Sigh...okay, never mind. Seems I had one typo in the conf change so the 
kill -HUP was still using the old conf. So it's working okay now.

Still curious why some examples use pem and others use crt.

Also any best usage additions I should add to the ssl section?
I
  • 5 Sep '11
On Sun, Sep 04, 2011 at 09:06:07PM -0400, Ian Evans wrote:
> On 04/09/2011 8:04 PM, Ian Evans wrote:
> > Upon further testing I see that it's still using the old cert despite
> > issuing a kill -HUP.
> 
> Sigh...okay, never mind. Seems I had one typo in the conf change so the 
> kill -HUP was still using the old conf. So it's working okay now.
> 
> Still curious why some examples use pem and others use crt.

This is just a file extention. Both use the same PEM formay inside.

> Also any best usage additions I should add to the ssl section?

Please read this:
http://nginx.org/en/docs/http/configuring_https_servers.html

-- 
Igor Sysoev