Verifying a Verisign Certificate Using nginx and an Intermediate Certificate

I had an SSL certificate in place in an https server, but whenever I connected to the site, I would see a certificate error. I tried verifying the certificate and got the following error:

$ openssl verify cert.pemcert.pem: [details removed]
error 20 at 0 depth lookup:unable to get local issuer certificate

I stumbled across a reference to Verisign requiring an “intermediate certificate” in order to verify an issued certificate. Consequently, I downloaded the following intermediate certificate from Verisign, based on the type of certificate I was working with. Storing this certificate into a file I called “verisign_intermediate.crt,” I was now able to verify my certificate:

$ openssl verify -CAfile verisign_intermediate.crt cert.pemcert.pem: OK

The final hurdle was to get the https server (nginx) to play ball. Per nginx documentation here, I simply appended the intermediate certificate to my main certificate file, reloaded the nginx configuration, et voilĂ ! No more certificate error.

Verisign Intermediate CA Installation Instructions

Leave a Reply