Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1150
  • Last Modified:

Firefox says my SSL website is not to be trusted, but IE, Chrome, Safari do

I have a virtual private server running my ecommerce website the SSL certificate has been there for about a 2 years with another year to go before the SSL certificate expires. Lots of orders
but occasionally I get a customer saying they get a message saying not to trust the site due tbecause it can't be verified.
the message is:
"The certificate is not trusted because no issuer chain was provided."
looking at the web it talks about the Issuer chain not being specified, I use Linux with a Plesk control panel and installing the SSL certificate is very easy with no options.

and on IE, Chrome, Safari there is NO problem, works correctly.

does anyone know what I have to do to my website to get the Issuer chain recognized?
0
chilternPC
Asked:
chilternPC
  • 3
  • 3
2 Solutions
 
becraigCommented:
This is not your problem as such.

This is on the client side, the cert chain is a such:

Issuer - e.g Verisign etc
CA - e.g. an intermediate cert which "should" be publicly trusted
Your cert.

Firefox should store the CA from your chain when it's provided this might be a glitch with FF.
0
 
ddiazpCommented:
You're probably missing an intermediate certificate from the issuer. You should have received the intermediate certificate along with your web server certificate when you bought it. You need to use openssl (best tool to do this) to 'chain' them together

Unfortunately, plesk doesn't have tools for you to do this, so you should download:

-Web server certificate
-intermediate certs issued by your CA (could be 1, 2 inter certs)
-root ca cert

into a single location, download and install openssl and follow the instructions here:

http://help.globalscape.com/help/eft6/Certificate_Chaining.htm

You should end up with a single chain certificate that includes all 3 certs and that's the one you'll publish
0
 
becraigCommented:
Here is additional info on actually installing from a plesk control panel:


http://support.godaddy.com/help/article/5242/installing-an-ssl-certificate-in-parallels-plesk-panel

If your cert is from a trusted authority there is very little chance one of the certs in your chain would be missing from the local cert store on your webserver however the above link should give you an easy walkthrough.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
ddiazpCommented:
He doesn't need help installing the cert via plesk as he's already done that. He needs to chain his cert to the intermediate certs issued by the CA.

@OP, what CA did you get the cert. from?
0
 
becraigCommented:
I am guessing you did not read the link before commenting on what the link says ?

About the Intermediate Certificate
Before you install your issued SSL certificate, you must install our intermediate certificate on your Web server. Intermediate certificates provide an added level of security because the Certification Authority (CA) does not need to issue certificates directly from the CA root certificate.

An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a trust-chain that begins at the trusted root CA, through the intermediate, and finally ending with the SSL certificate issued to you. Such certificates are called "chained root certificates."

You can download the intermediate/root certificate bundle — (gd_bundle.crt) — from our repository.

I do think identifying the CA certs in the chain would help.

@chilternPC
Double click on your certificate and go to the certification path tab
There you will see the chain:
At the top is the root cert and at the bottom is your cert
In the middle are the CA - Intermediate certs.

Those are the ones you want to install (if they are missing from your server)
0
 
ddiazpCommented:
You're right, i didn't even bother to open the link as i'd assume the info would be useless - but keep in mind what it says on that link, and what you quoted, i had already pointed out
0
 
chilternPCAuthor Commented:
Thank you people. I contacted my host and somehow the CA part was missing  so they sent that part over and I've installed it.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now