Solved

Firefox says my SSL  website is not to be trusted, but IE, Chrome, Safari do

Posted on 2013-01-22
7
1,073 Views
Last Modified: 2013-01-23
I have a virtual private server running my ecommerce website the SSL certificate has been there for about a 2 years with another year to go before the SSL certificate expires. Lots of orders
but occasionally I get a customer saying they get a message saying not to trust the site due tbecause it can't be verified.
the message is:
"The certificate is not trusted because no issuer chain was provided."
looking at the web it talks about the Issuer chain not being specified, I use Linux with a Plesk control panel and installing the SSL certificate is very easy with no options.

and on IE, Chrome, Safari there is NO problem, works correctly.

does anyone know what I have to do to my website to get the Issuer chain recognized?
0
Comment
Question by:chilternPC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 38808148
This is not your problem as such.

This is on the client side, the cert chain is a such:

Issuer - e.g Verisign etc
CA - e.g. an intermediate cert which "should" be publicly trusted
Your cert.

Firefox should store the CA from your chain when it's provided this might be a glitch with FF.
0
 
LVL 10

Accepted Solution

by:
ddiazp earned 250 total points
ID: 38808307
You're probably missing an intermediate certificate from the issuer. You should have received the intermediate certificate along with your web server certificate when you bought it. You need to use openssl (best tool to do this) to 'chain' them together

Unfortunately, plesk doesn't have tools for you to do this, so you should download:

-Web server certificate
-intermediate certs issued by your CA (could be 1, 2 inter certs)
-root ca cert

into a single location, download and install openssl and follow the instructions here:

http://help.globalscape.com/help/eft6/Certificate_Chaining.htm

You should end up with a single chain certificate that includes all 3 certs and that's the one you'll publish
0
 
LVL 29

Expert Comment

by:becraig
ID: 38808319
Here is additional info on actually installing from a plesk control panel:


http://support.godaddy.com/help/article/5242/installing-an-ssl-certificate-in-parallels-plesk-panel

If your cert is from a trusted authority there is very little chance one of the certs in your chain would be missing from the local cert store on your webserver however the above link should give you an easy walkthrough.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 10

Expert Comment

by:ddiazp
ID: 38808327
He doesn't need help installing the cert via plesk as he's already done that. He needs to chain his cert to the intermediate certs issued by the CA.

@OP, what CA did you get the cert. from?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 250 total points
ID: 38808338
I am guessing you did not read the link before commenting on what the link says ?

About the Intermediate Certificate
Before you install your issued SSL certificate, you must install our intermediate certificate on your Web server. Intermediate certificates provide an added level of security because the Certification Authority (CA) does not need to issue certificates directly from the CA root certificate.

An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a trust-chain that begins at the trusted root CA, through the intermediate, and finally ending with the SSL certificate issued to you. Such certificates are called "chained root certificates."

You can download the intermediate/root certificate bundle — (gd_bundle.crt) — from our repository.

I do think identifying the CA certs in the chain would help.

@chilternPC
Double click on your certificate and go to the certification path tab
There you will see the chain:
At the top is the root cert and at the bottom is your cert
In the middle are the CA - Intermediate certs.

Those are the ones you want to install (if they are missing from your server)
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38808352
You're right, i didn't even bother to open the link as i'd assume the info would be useless - but keep in mind what it says on that link, and what you quoted, i had already pointed out
0
 
LVL 29

Author Closing Comment

by:chilternPC
ID: 38809839
Thank you people. I contacted my host and somehow the CA part was missing  so they sent that part over and I've installed it.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question