Invalid Certificate Issue Resolved

Due to an incorrectly configured SSL certificate on our server browsers were showing an security warning whenever any secure pages on Scribie.com were accessed. We have corrected the configuration now and the security warning should go away. If you had faced the issue then please try now. Technical details follow.

The problem was that the intermediate certificates supplied by our CA was not specified. When we moved our domain to Scribie.com we also changed over from Apache to Nginx. In Apache the intermediate certificates where specified by the SSLCertificateChainFile directive. But Nginx does not have a corresponding directive. In Nginx the intermediate certificates have to combined into the server certificate PEM file. Once we did that, the security warning went away.

The odd part was we had run into the same error when we did the domain transition and were testing it out. But that error went away when we did force reloads of the page. So we thought it was an intermittent error which would go away eventually. But it did not and one of our users complained about it yesterday. In the end it turned out to be a simple fix.

Leave a Reply

Your email address will not be published. Required fields are marked *