0

I have configured Nginx to support both ECC and RSA cert in a hybrid mode.

After enabling, used below cmd to get the full chain cert from my server:

openssl s_client -showcerts -connect server:443 -servername server-sni

Then I got three cert, one leaf, two duplicate intermediate cert (should be only one intermediate cert).

I didn't find any issue with my nginx config

    #rsa
    ssl_certificate /path/server_rsa-cert.pem;
    ssl_certificate_key /path/server_rsa-key.pem;
    # ecc
    ssl_certificate /path/server_ecc-cert.pem;
    ssl_certificate_key /path/server_ecc-key.pem;

Then I tried remove ECC cert or RSA cert, ran openssl command, there is no duplicate intermediate cert after that.

So it seems the duplicate intermediate cert only happen when Nginx in a hybrid cert mode.

Any idea on this?

Improve this question

1 Answer 1

Reset to default
0

Ok, after digging around, I have figured out that all these problems are caused by old libressl version I have used. Upgrade libressl version to 2.9.2, then compile Nginx fixed this problem.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .