Nginx server returns duplicate intermediate cert when both ECC and RSA certs are enabled in Nginx

0

I have configured Nginx to support both ECC and RSA certs in a hybrid mode.

After enabling this, I used the command below to get the full chain cert from my server:

    openssl s_client -showcerts -connect server:443 -servername server-sni

Then I got three certs: one leaf and two duplicate intermediate certs (there should be only one intermediate cert).

I didn't find any issue with my nginx config:

    #rsa
    ssl_certificate /path/server_rsa-cert.pem;
    ssl_certificate_key /path/server_rsa-key.pem;
    # ecc
    ssl_certificate /path/server_ecc-cert.pem;
    ssl_certificate_key /path/server_ecc-key.pem;

Then I tried removing the ECC cert or the RSA cert and ran the openssl command again; there was no duplicate intermediate cert after that.

So it seems the duplicate intermediate cert only happens when Nginx is in a hybrid cert mode.

Any idea on this?

adiggo

Posted 2019-05-28T23:06:08.967

Reputation: 1

Answers

0

OK, after digging around, I have figured out that all these problems were caused by the old LibreSSL version I had used. Upgrading LibreSSL to version 2.9.2 and then compiling Nginx fixed this problem.

adiggo

Posted 2019-05-28T23:06:08.967

Reputation: 1
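To check a server for the symptom in the question, for instance after an upgrade like the one in the answer, the `-showcerts` output can be scanned for certificates that were sent more than once by comparing SHA-256 fingerprints of each PEM block. This is an added example, not code from the original post; the script name `check_chain.py`, the function names and the sample data are assumptions, and the sample PEM bodies are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re
import sys
from collections import Counter

# Usage (hypothetical file name check_chain.py):
#   openssl s_client -showcerts -connect server:443 -servername server-sni \
#       </dev/null | python3 check_chain.py
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def chain_fingerprints(s_client_output):
    """SHA-256 fingerprint of each certificate, in the order the server sent it."""
    prints = []
    for body in PEM_RE.findall(s_client_output):
        der = base64.b64decode("".join(body.split()))  # PEM body -> DER bytes
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def duplicate_certs(s_client_output):
    """Return {fingerprint: count} for certificates sent more than once."""
    counts = Counter(chain_fingerprints(s_client_output))
    return {fp: n for fp, n in counts.items() if n > 1}

def fake_pem(label):
    # Constructed placeholder: base64 of a repeated label, NOT a real certificate.
    b64 = base64.b64encode(label.encode() * 8).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed samples shaped like `openssl s_client -showcerts` output.
SAMPLE_DUP = ("Certificate chain\n 0 s:CN = server-sni\n" + fake_pem("leaf")
              + " 1 s:CN = Example Intermediate\n" + fake_pem("intermediate")
              + " 2 s:CN = Example Intermediate\n" + fake_pem("intermediate"))
SAMPLE_OK = ("Certificate chain\n 0 s:CN = server-sni\n" + fake_pem("leaf")
             + " 1 s:CN = Example Intermediate\n" + fake_pem("intermediate"))

if __name__ == "__main__":
    # Read real s_client output from a pipe; fall back to the constructed sample.
    text = SAMPLE_DUP if sys.stdin.isatty() else sys.stdin.read()
    dups = duplicate_certs(text)
    for fp, n in dups.items():
        print(f"certificate sent {n} times: sha256 {fp}")
    sys.exit(1 if dups else 0)
```

The non-zero exit status on a duplicate makes the script usable in a deployment check.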