Chains generated consistent with 6544938ef2955d52c5e8d95f53c280322526a790:
cat STAR_humbughq_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > wildcard-humbughq.com.combined-chain.crt
The files added in this commit should be manually copied to
/etc/ssl/certs/ on prod.
(imported from commit 9d674d6a0f7ced686ddb078dd36e44a9e3df82c3)
Previously we presented the server cert, then the intermediate, then the
CA. This caused some browsers to break.
To resolve the issue, we ran:
wget http://www.startssl.com/certs/ca.pem -O startcom.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
cat app.humbughq.com.crt sub.class1.server.ca.pem startcom.pem > app.humbughq.com.combined-chain.crt
(repeating the last step for each .humbughq.com.crt)
Note: The resultant .combined-chain. files contain different
certificates than they did previously.
(imported from commit 6544938ef2955d52c5e8d95f53c280322526a790)
This is the format Nginx wants. It contains the following files concatenated
together in order:
app.humbughq.com.crt
startcom.pem
sub.class1.server.ca.pem
(imported from commit 6ed5679501f48729b4b4df19169042d5c0c37b5d)
Luke Faraone
Luke Faraone
Tim Abbott
Keegan McAllister