fduran

Firefox RapidSSL certificate problem

May 19th, 2011
1,931
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # www.fduran.com
  2.  
  3. For RapidSSL certificates Firefox warns "The certificate is not trusted because the issuer certificate is unknown.".
  4.  
  5. The issue seems to be that RapidSSL has introduced recently a <a href="https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AD239">new intermediate certificate authority</a>.
  6.  
  7.  
  8. The site's certificate can be tested from <a href="https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO9556&actp=LIST&viewlocale=en_US">this page<a/> of theirs.
  9.  
  10. That shows rror: "Invalid Chain, example.com failed for the following reasons:  The intermediate CA certificate cannot be found for the following certificate chain.".
  11.  
  12. The solution is to add this new RappidSSL intermediate certificate to the server.
  13.  
  14. Add to the Apache SSL configuration (ex /etc/apache2/sites-enabled/default-ssl ) the directive:
  15.  
  16. SSLCACertificateFile /etc/apache2/ssl.crt/intermediate.crt
  17.  
  18. and copy the contents of <a href="https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem into that new file /etc/apache2/ssl.crt/intermediate.crt ">their intermediate certificate</a>
  19.  
  20. Restart apache (/etc/init.d/apache2 restart)
RAW Paste Data