0
I have configured Nginx to support both ECC and RSA cert in a hybrid mode.
After enabling, used below cmd to get the full chain cert from my server:
openssl s_client -showcerts -connect server:443 -servername server-sni
Then I got three cert, one leaf, two duplicate intermediate cert (should be only one intermediate cert).
I didn't find any issue with my nginx config
#rsa
ssl_certificate /path/server_rsa-cert.pem;
ssl_certificate_key /path/server_rsa-key.pem;
# ecc
ssl_certificate /path/server_ecc-cert.pem;
ssl_certificate_key /path/server_ecc-key.pem;
Then I tried remove ECC cert or RSA cert, ran openssl command, there is no duplicate intermediate cert after that.
So it seems the duplicate intermediate cert only happen when Nginx in a hybrid cert mode.
Any idea on this?