On 26 November 2014 at 02:33, Jeff Tchang <[email protected]> wrote:
> In general when using a certificate chain you put the certs one after > another in the text file. > > So it looks like > > --- begin cert --- > --- end cert --- > --- begin cert --- > --- end cert --- > > Then you point the server to the file. Not sure if this is your issue or > not? > > I've always done SSL termination via nginx or apache. > > uWSGI, like Apache and Nginx, use OpenSSL to terminate the SSL connection. OpenSSL reads certificates from a "bundle" file where they are just concatenated together, in a specific order. Usually the certificate authors provide you the instructions how to do the concatenation, either by using cat command or just copy-paste in the text editor. Please note that the order of the certificates in the bundle must be in the correct order, though I don't remember should the intermediate certificates come as the last or the first. Also I am not sure if bundled certificates are OpenSSL's internal property or is it just how all web servers chose to read them. There are also some reasons you don't want to terminate HTTP/HTTPS traffic with uWSGI directly, but use Nginx instead. See this earlier post: http://lists.unbit.it/pipermail/uwsgi/2014-August/007516.html Cheers, Mikko
_______________________________________________ uWSGI mailing list [email protected] http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
