Not all web browsers trust SSL certificates. Intermediate not working?


Ben

My website https://uberdice.com looks fine to me, no SSL related errors or warnings.

However, some of my users have notified me that they are getting SSL related warnings. I believe I have everything installed correctly. Below you can see the apache2.conf file:

<VirtualHost *:443>
DocumentRoot /var/www/
ServerName uberdice.com
SSLEngine on
SSLCertificateFile /path/uberdice.com.crt 
SSLCertificateKeyFile /path/uberdice.com.key 
SSLCertificateChainFile /path/intermediate.crt 
</VirtualHost>

All files are in the same directory. I have also tried using the SSLCACertificateFile directive.

However, when I run the following check: https://www.sslshopper.com/ssl-checker.html#hostname=https://uberdice.com , it does n't seem to be able to connect to the root certificate. Presumably due to wrong intermediate certificate.

I'm using RapidSSL and using this bundled code for an intermediate certificate https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO26464 .

Does anyone know what's wrong?

thanks.

Steffen Ullrich

The intermediate certificate you are sending is wrong and only works in your browser because you have cached the correct certificate you get when visiting other websites using the same chain, or because the browser is actively downloading the missing certificate (Chrome on desktop Yes, Firefox can't) ).

Looking at the trust path information in SSLLabs ' analysis , you will see:

 Chain issues   Incomplete, Extra certs

That's what you need to fix, i.e. remove the wrong chain certificate and add the correct one. For more information, review the "Certificate Path" information in the analysis. In short: what you need is "RapidSSL SHA256 CA-G3", not "RapidSSL CA".

Related


Do browsers trust wildcard SSL certificates?

Paul J I've set up a development server where I need to test a lot of LAMP sites. Their domain names are in the following format: https://webapp1.test.example.com https://anotherwebapp.test.example.com https://anotherclientssite.test.example.com I want to get

Trust all SSL certificates in Java Playframework 2.2

asvignesh: I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function: public static play.libs.F.Promise<Result> webcall() { String feedUrl = "https://10.0.1.1/client/api"; final play.

Trust all SSL certificates in Java Playframework 2.2

asvignesh: I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function: public static play.libs.F.Promise<Result> webcall() { String feedUrl = "https://10.0.1.1/client/api"; final play.

Trust all SSL certificates in Java Playframework 2.2

Avines I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function: public static play.libs.F.Promise<Result> webcall() { String feedUrl = "https://10.0.1.1/client/api"; final play.libs

Trust all SSL certificates in Java Playframework 2.2

asvignesh: I'm trying to call a web service (with a self-signed SSL certificate) in the Play framework using the following function: public static play.libs.F.Promise<Result> webcall() { String feedUrl = "https://10.0.1.1/client/api"; final play.

Do web browsers cache SSL certificates?

Lorin Hochstein Do any web browsers cache SSL server certificates? For example, if I change the SSL certificate on the web server, when all web browsers connect via SSL, will all browsers choose the new certificate, or maybe they have expired certificates? I'm

Do web browsers cache SSL certificates?

Lorin Hochstein Do any web browsers cache SSL server certificates? For example, if I change the SSL certificate on the web server, when all web browsers connect via SSL, will all browsers choose the new certificate, or maybe they have expired certificates? I'm

Do web browsers cache SSL certificates?

Lorin Hochstein Do any web browsers cache SSL server certificates? For example, if I change the SSL certificate on the web server, when all web browsers connect via SSL, will all browsers choose the new certificate, or maybe they have expired certificates? I'm

JAX-WS, trust all ssl certificates doesn't work

Clemens Yes, I know, I shouldn't trust all SSL certificates. However, since there is a VPN tunnel, and depending on the transition phase, different servers (with different SSL certificates) need to be requested, I prefer the ignore-server-ssl-certificate(s) ap

JAX-WS, trust all ssl certificates doesn't work

Clemens Yes, I know, I shouldn't trust all SSL certificates. However, since there is a VPN tunnel, and depending on the transition phase, different servers (with different SSL certificates) need to be requested, I prefer the ignore-server-ssl-certificate(s) ap

Trust all certificates with okHttp

seato: seato: For testing, I'm trying to add a socket factory to my okHttp client that trusts everything when setting up the proxy. This has been done many times, but my implementation of the trusted socket factory seems to be missing something: class TrustEve

Trust all certificates with okHttp

seato: seato: For testing, I'm trying to add a socket factory to my okHttp client that trusts everything when setting up the proxy. This has been done many times, but my implementation of the trusted socket factory seems to be missing something: class TrustEve

Trust all certificates with okHttp

seato: seato: For testing, I'm trying to add a socket factory to my okHttp client that trusts everything when setting up the proxy. This has been done many times, but my implementation of the trusted socket factory seems to be missing something: class TrustEve

Heroku SSL: Install intermediate certificates?

Paul Sanwald My registrar gandi gave me the intermediate certificate to install, so I have 3 files: Private key file (server.key) Certificate file (mycert.crt) Intermediate Certificate (GandiSomething.pem) I am using SSL Beta service on heroku . heroku CLI her

Heroku SSL: Install intermediate certificates?

Paul Sanwald My registrar gandi gave me the intermediate certificate to install, so I have 3 files: Private key file (server.key) Certificate file (mycert.crt) Intermediate Certificate (GandiSomething.pem) I am using SSL Beta service on heroku . heroku CLI her

Web app translation not working in all browsers

Rasmus Eskesen I have a web application that supports English and Danish. The user can change the language from the settings in the app. Language settings are stored in the database as "1" or "2" for English and Danish respectively. A text file containing all

Web app translation not working in all browsers

Rasmus Eskesen I have a web application that supports English and Danish. The user can change the language from the settings in the app. Language settings are stored in the database as "1" or "2" for English and Danish respectively. A text file containing all

Python SSL server serving intermediate CA certificates

light I'm writing some server code using the Python (2.7) SSL module as follows: ssock = ssl.wrap_socket(sock, ca_certs="all-ca.crt", keyfile="server.key", certfile="server.crt", server_side=True, ssl_version=ssl.PROTOCOL_TLSv1) 'all-ca.crt' contains the signi

Client-Side SSL with Intermediate Certificates

Naftuli Kay I have a self signed root certificate and an intermediate certificate signed by that root. Basically something like this: . └── master (CA) └── servant1 (CA) I have some client certificates from master->servant1certificate chain : . └── master

Python SSL server serving intermediate CA certificates

light I'm writing some server code using the Python (2.7) SSL module as follows: ssock = ssl.wrap_socket(sock, ca_certs="all-ca.crt", keyfile="server.key", certfile="server.crt", server_side=True, ssl_version=ssl.PROTOCOL_TLSv1) 'all-ca.crt' contains the signi

Client-Side SSL with Intermediate Certificates

Naftuli Kay I have a self signed root certificate and an intermediate certificate signed by that root. Basically something like this: . └── master (CA) └── servant1 (CA) I have some client certificates from master->servant1certificate chain : . └── master

Trust all certificates with HttpClient over HTTPS

Harrison Leigh: Recently posted a question about over HttpClientHttps ( found here ). I've made some progress, but I'm running into a new problem. As with my last question, I can't seem to find an example that works for me. Basically, I want my client to accep