Django and SSL sslforfree.com
This is the first time I'm trying to use an SSL certificate in a Django project.
I take the certificate here (i.e., in fact, from letsencrypt).
Generated a certificate without CSR.
Three files came to archif: ca_bundle.crt, certificate.crt, private. key.
Nginx returns 2 files: certificate.crt and private. key.
Everything works fine, except for Android devices, when you log in from any Android browser, it gives an "error" as in a self-signed certificate.
Extension
Ssl-checker returns, among other things, this:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
I understand that you need to use the openssl utility, and do something with the ca_bundle.crt file, but I can't find what exactly.
1 answers
Based on the file name and the information you provided, most likely, the ca_bundle.crt file stores the intermediate ca certificate, which is signed by your certificate (sent to you in the certificate.crt file).
From these two files, you need to form one consisting of your certificate (should go first) and an intermediate one. then all http clients will be able to verify the validity of your certificate.
The name of this file can be arbitrary (it often mentions the domain name and the suffix .crt, just for convenience):
$ (cat certificate.crt; echo; cat ca_bundle.crt) > ваш.домен.crt
And in the nginx configuration, you will need to specify this file as a certificate:
ssl_certificate /путь/к/файлу/ваш.домен.crt
Nginx returns 2 files: certificate. crt and private. key.
You did something wrong. the http server should not just "give"them away. of course, there is nothing secret in the certificate files, but the file with the secret key private.key should be kept "secret".
P. s. such a complex command with parentheses and echo is needed for a situation where the first file does not contain a newline character at the end.