Solved

Firefox says my SSL website is not to be trusted, but IE, Chrome, Safari do

Posted on 2013-01-22
Last Modified: 2013-01-23
I have a virtual private server running my ecommerce website. The SSL certificate has been there for about 2 years, with another year to go before the SSL certificate expires. Lots of orders,
but occasionally I get a customer saying they get a message saying not to trust the site because it can't be verified.
The message is:
"The certificate is not trusted because no issuer chain was provided."
Looking at the web, it talks about the issuer chain not being specified. I use Linux with a Plesk control panel, and installing the SSL certificate is very easy with no options.

On IE, Chrome and Safari there is NO problem; it works correctly.

Does anyone know what I have to do to my website to get the issuer chain recognized?
Question by:chilternPC
7 Comments
 
LVL 28

Expert Comment

by:becraig
ID: 38808148
This is not your problem as such.

This is on the client side; the cert chain is as such:

Issuer - e.g. Verisign etc.
CA - e.g. an intermediate cert which "should" be publicly trusted
Your cert.

Firefox should store the CA from your chain when it's provided; this might be a glitch with FF.
0
 
LVL 10

Accepted Solution

by:
ddiazp earned 250 total points
ID: 38808307
You're probably missing an intermediate certificate from the issuer. You should have received the intermediate certificate along with your web server certificate when you bought it. You need to use openssl (best tool to do this) to 'chain' them together.

Unfortunately, Plesk doesn't have tools for you to do this, so you should download:

- Web server certificate
- Intermediate certs issued by your CA (could be 1 or 2 intermediate certs)
- Root CA cert

into a single location, download and install openssl and follow the instructions here:

http://help.globalscape.com/help/eft6/Certificate_Chaining.htm

You should end up with a single chain certificate that includes all 3 certs, and that's the one you'll publish.
0
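
The chaining step from the accepted answer, as an added example that is not part of the original post. It builds a constructed throwaway root, intermediate and server certificate with openssl (all file names and CN values are assumptions), then checks the server certificate the way a client that trusts only the root would, first without and then with the chain file.

```shell
#!/usr/bin/env bash
# Added example: every key and certificate here is constructed throwaway test data.
set -eu
WORK=$(mktemp -d)

# new_csr NAME CN: write NAME.key and NAME.csr into $WORK.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# Build root -> intermediate -> server, the hierarchy described in the thread.
build_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$WORK/ca.ext"
  new_csr root "Constructed Root CA"
  new_csr intermediate "Constructed Intermediate CA"
  new_csr server "shop.example.test"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -set_serial 1 \
    -extfile "$WORK/ca.ext" -days 30 -out "$WORK/root.crt" 2>/dev/null
  openssl x509 -req -in "$WORK/intermediate.csr" -CA "$WORK/root.crt" \
    -CAkey "$WORK/root.key" -set_serial 2 -extfile "$WORK/ca.ext" -days 30 \
    -out "$WORK/intermediate.crt" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/intermediate.crt" \
    -CAkey "$WORK/intermediate.key" -set_serial 3 -days 30 \
    -out "$WORK/server.crt" 2>/dev/null
}

# Chain file: the server's own certificate first, then its issuers in order.
build_chain() {
  cat "$WORK/server.crt" "$WORK/intermediate.crt" "$WORK/root.crt" > "$WORK/chain.pem"
}

# client_trusts [FILE]: a client that trusts only the root checks server.crt,
# using FILE (if given) as the extra certificates the server sent along.
client_trusts() {
  if [ $# -gt 0 ]; then
    openssl verify -CAfile "$WORK/root.crt" -untrusted "$1" "$WORK/server.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$WORK/root.crt" "$WORK/server.crt" >/dev/null 2>&1
  fi
}

count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

build_pki
build_chain
if client_trusts; then echo "server cert alone: trusted"
else echo "server cert alone: NOT trusted (no issuer chain)"; fi
if client_trusts "$WORK/chain.pem"; then echo "server cert + chain.pem: trusted"; fi
echo "chain.pem contains $(count_certs "$WORK/chain.pem") certificates"
```

Against a live site, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is being served.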
 
LVL 28

Expert Comment

by:becraig
ID: 38808319
Here is additional info on actually installing from a Plesk control panel:


http://support.godaddy.com/help/article/5242/installing-an-ssl-certificate-in-parallels-plesk-panel

If your cert is from a trusted authority, there is very little chance one of the certs in your chain would be missing from the local cert store on your webserver; however, the above link should give you an easy walkthrough.
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38808327
He doesn't need help installing the cert via Plesk as he's already done that. He needs to chain his cert to the intermediate certs issued by the CA.

@OP, what CA did you get the cert from?
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 250 total points
ID: 38808338
I am guessing you did not read the link before commenting on what the link says?

About the Intermediate Certificate
Before you install your issued SSL certificate, you must install our intermediate certificate on your Web server. Intermediate certificates provide an added level of security because the Certification Authority (CA) does not need to issue certificates directly from the CA root certificate.

An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a trust-chain that begins at the trusted root CA, through the intermediate, and finally ending with the SSL certificate issued to you. Such certificates are called "chained root certificates."

You can download the intermediate/root certificate bundle — (gd_bundle.crt) — from our repository.

I do think identifying the CA certs in the chain would help.

@chilternPC
Double-click on your certificate and go to the Certification Path tab.
There you will see the chain:
At the top is the root cert and at the bottom is your cert.
In the middle are the CA - Intermediate certs.

Those are the ones you want to install (if they are missing from your server).
0
 
LVL 10

Expert Comment

by:ddiazp
ID: 38808352
You're right, I didn't even bother to open the link as I'd assume the info would be useless - but keep in mind what it says on that link, and what you quoted, I had already pointed out.
0
 
LVL 28

Author Closing Comment

by:chilternPC
ID: 38809839
Thank you people. I contacted my host and somehow the CA part was missing, so they sent that part over and I've installed it.
0
