After installing SSL on Nginx server, it worked on browser, but when i try access using curl command, i get error
# curl https://serverok.in curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. #
This is fixed by adding ca-bundle to .crt file.
The cert file should be in following format
YOUR_DOMAIN.crt
YOUR_DOMAIN.ca-bundle
This can be done with
cat YOUR_DOMAIN.crt YOUR_DOMAIN.ca-bundle > YOUR_DOMAIN.ssl
Now use YOUR_DOMAIN.ssl as your ssl certificate in nginx.
ssl on;
ssl_certificate /etc/ssl/YOUR_DOMAIN.ssl;
ssl_certificate_key /etc/ssl/YOUR_DOMAIN.key;