Web Server Load Balancing with NGINX Plus

In our ongoing efforts to improve the security of our products, we’ve made a change that affects the way NGINX Plus is installed and updated. We are replacing the self‑signed certificate we previously used to secure the NGINX Plus repository with a certificate from GlobalSign, a well‑known and trusted Certificate Authority (CA). With a CA‑signed certificate, clients can now verify the certificate we present and be assured that the code they are downloading is from NGINX, Inc.

The next time you install or update NGINX Plus, you might see an error such as:

  • On Amazon Linux, CentOS, Oracle Linux, and RHEL:

    curl#60 - "Peer's certificate issuer has been marked as not trusted by the user."
  • On Debian and Ubuntu:

    server certificate verification failed. CAfile: /etc/ssl/nginx/CA.crt CRLfile: none

If you get these errors, you need to update how your package management tool accesses the NGINX Plus repository. Follow the instructions for your OS distribution:

  • Amazon Linux

    # yum install ca-certificates
    # rm -f /etc/yum.repos.d/nginx-plus-amazon.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-amazon.repo
  • CentOS 5.10+ / Oracle Linux 5.10+ / RHEL 5.10+

    # yum install openssl
    # rm -f /etc/yum.repos.d/nginx-plus-5.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-5.repo
  • CentOS 6.5+ / Oracle Linux 6.5+ / RHEL 6.5+

    # yum install ca-certificates
    # rm -f /etc/yum.repos.d/nginx-plus-6.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-6.repo
  • CentOS 7.0+ / Oracle Linux 7.0+ / RHEL 7.0+

    # yum install ca-certificates
    # rm -f /etc/yum.repos.d/nginx-plus-7.repo /etc/ssl/nginx/CA.crt
    # wget -O /etc/yum.repos.d/nginx-plus-7.repo
  • Debian 7.0, 8.0

    # apt-get install ca-certificates
    # rm -f /etc/apt/apt.conf.d/90nginx /etc/ssl/nginx/CA.crt
    # wget -O /etc/apt/apt.conf.d/90nginx
  • FreeBSD 9.3, 10.1+

    # pkg install ca_root_nss
    # rm -f /etc/ssl/nginx/CA.crt
  • SLES 12, 12 SP1

    # zypper install ca-certificates
    # zypper rr nginx-plus
    # zypper addrepo -G -t yum -c '' nginx-plus
  • Ubuntu 12.04 LTS, 14.04 LTS, 15.10, 16.04 LTS

    # apt-get install ca-certificates
    # rm -f /etc/apt/apt.conf.d/90nginx /etc/ssl/nginx/CA.crt
    # wget -O /etc/apt/apt.conf.d/90nginx

The instructions at the NGINX Plus Customer Portal have been updated to reflect this change. If you have any questions, please contact our support team.

Hero image
Are Your Applications Secure?

Learn how to protect your apps with NGINX and NGINX Plus

About The Author

Faisal Memon

Software Engineer

About F5 NGINX

F5, Inc. is the company behind NGINX, the popular open source project. We offer a suite of technologies for developing and delivering modern applications. Together with F5, our combined solution bridges the gap between NetOps and DevOps, with multi-cloud application services that span from code to customer.

Learn more at or join the conversation by following @nginx on Twitter.