You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We just debugged and fixed an issue in #smartos regarding adding real SSL certificates for a docker install, etc.
The documentation needs to be updated to take account of changes in the SSL ecosystem. Certificates are now being signed with extra additional intermediates to allow for more inter-CA trust, validation and revocation. We've seen this lots lately in relation to changing of certificates to support SHA256 and HPKP; Which are now part of PCI compliance testing.
The change is small, thankfully. Instead of using the certificate from the SSL vendor directly, the combination of the certificate and the ca bundle need to be concatenated together in the correct order and then the resultant chained certificate file used by the server as the certificate.
We just debugged and fixed an issue in
#smartosregarding adding real SSL certificates for a docker install, etc.The documentation needs to be updated to take account of changes in the SSL ecosystem. Certificates are now being signed with extra additional intermediates to allow for more inter-CA trust, validation and revocation. We've seen this lots lately in relation to changing of certificates to support SHA256 and HPKP; Which are now part of PCI compliance testing.
The change is small, thankfully. Instead of using the certificate from the SSL vendor directly, the combination of the certificate and the ca bundle need to be concatenated together in the correct order and then the resultant chained certificate file used by the server as the certificate.
See the following for details: http://nginx.org/en/docs/http/configuring_https_servers.html#chains
The text was updated successfully, but these errors were encountered: