Web Server Load Balancing with NGINX Plus

In our ongoing efforts to improve the security of our products, we’ve made a change that affects the way NGINX Plus is installed and updated. We are replacing the self‑signed certificate we previously used to secure the NGINX Plus repository with a certificate from GlobalSign, a well‑known and trusted Certificate Authority (CA). With a CA‑signed certificate, clients can now verify the certificate we present and be assured that the code they are downloading is from NGINX, Inc.

The next time you install or update NGINX Plus, you might see an error such as:

  • On Amazon Linux, CentOS, Oracle Linux, and RHEL:

    curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
  • On Debian and Ubuntu:

    server certificate verification failed. CAfile: /etc/ssl/nginx/CA.crt CRLfile: none

If you get these errors, you need to update how your package management tool accesses the NGINX Plus repository. Follow the instructions for your OS distribution:

  • Amazon Linux

    # yum install ca-certificates
    # rm -f /etc/yum.repos.d/nginx-plus-amazon.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-amazon.repo
  • CentOS 5.10+ / Oracle Linux 5.10+ / RHEL 5.10+

    # yum install openssl
    # rm -f /etc/yum.repos.d/nginx-plus-5.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-5.repo
  • CentOS 6.5+ / Oracle Linux 6.5+ / RHEL 6.5+

    # yum install ca-certificates
    # rm -f /etc/yum.repos.d/nginx-plus-6.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-6.repo
  • CentOS 7.0+ / Oracle Linux 7.0+ / RHEL 7.0+

    # yum install ca-certificates
    # rm -f /etc/yum.repos.d/nginx-plus-7.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-7.repo
  • Debian 7.0, 8.0

    # apt-get install ca-certificates
    # rm -f /etc/apt/apt.conf.d/90nginx /etc/ssl/nginx/CA.crt
    # wget -O /etc/apt/apt.conf.d/90nginx
  • FreeBSD 9.3, 10.1+

    # pkg install ca_root_nss
    # rm -f /etc/ssl/nginx/CA.crt
  • SLES 12, 12 SP1

    # zypper install ca-certificates
    # zypper rr nginx-plus
    # zypper addrepo -G -t yum -c '' nginx-plus
  • Ubuntu 12.04 LTS, 14.04 LTS, 15.10, 16.04 LTS

    # apt-get install ca-certificates
    # rm -f /etc/apt/apt.conf.d/90nginx /etc/ssl/nginx/CA.crt
    # wget -O /etc/apt/apt.conf.d/90nginx

The instructions at the NGINX Plus Customer Portal have been updated to reflect this change. If you have any questions, please contact our support team.

Hero image
Are Your Applications Secure?

Learn how to protect your apps with NGINX and NGINX Plus


Faisal Memon



F5, Inc. 是备受欢迎的开源软件 NGINX 背后的商业公司。我们为现代应用的开发和交付提供一整套技术。我们的联合解决方案弥合了 NetOps 和 DevOps 之间的横沟,提供从代码到用户的多云应用服务。访问 了解更多相关信息。