nginx ssl cert error:

When you concatenated your SSL .crt intermediate and root certs together, it’s likely you ended up with lines line this:

—–END CERTIFICATE———-BEGIN CERTIFICATE—–

To fix this, manually edit to insert a newline between the end and begin like this, and you should be all set:

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

New WoSign/StartCom certificates issued after Jan 1st 2017 blocked on Apple products

My first 1 year free SSL certificate with StartSSL is about to expire this month, so time to renew for another year. At this point last year I wasn’t sure what would happen at this point 1 year later, but appears you just apply for another new certificate, and then replace it on the servers where you are using it.

 

However, once I had requested my new certificate and uploaded it to my OpenShift account, Chrome blocked access to my site with a ‘certificate revoked’ error. I bit of digging turned up this article. Due to a number of security related issues with the Certificate Authority WoSign and later their undisclosed purchase of StartCom/StartSSL, it appears use of certificates from either of these companies are now blocked on all Apple products if issued after Jan 1st 2017, and also on Firefox and Chrome too. More info on Wikipedia here, and Mozilla here¬†and here.