SSL : The certificate is not trusted because no issuer chain was provided
Problem :
While installing SSL for my nginx server today. Firefox decided to issue warning about the new SSL certificates but not Chrome, Safari, IE, etc.
www.domain.com uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
Firefox is complaining about the security certificate invalidity because there is no issuer chain ? Now, what the heck is no issuer chain
?
Diagnostic :
Apparently, when I activated SSL, my certificate provider did supplied me with all the required files; however, during installation.... I only use this crt
file in the nginx configuration
ssl_certificate /usr/ssl/domain.crt;
Solution :
Need to combine all the given crt
files into a bundle with the cat
command
cat domain.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
then change the nginx's SSL configuration to :
ssl_certificate /usr/ssl/ssl-bundle.crt;
restart nginx server and voila! Firefox no longer issue warning message.
You can test out if the chain certificate is working or not with http://www.sslshopper.com/ssl-checker.html
If everything is fine, you should see all green arrows connecting the chain icons pointing downward.
Reference :
Good read on this subject at http://www.sslshopper.com/ssl-certificate-not-trusted-error.html
See also : nginx: [emerg] unknown directive "ssl"
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+13.3k Generate salted password with OpenSSL example
+9k Golang : Generate random Chinese, Japanese, Korean and other runes
+4.4k MariaDB/MySQL : How to get version information
+11.6k Golang : Setup API server or gateway with Caddy and http.ListenAndServe() function example
+13.2k Facebook PHP getUser() returns 0
+23.2k Golang : minus time with Time.Add() or Time.AddDate() functions to calculate past date
+12.2k Golang : "https://" not allowed in import path
+8.1k Useful methods to access blocked websites
+34.2k Golang : Smarter Error Handling with strings.Contains()
+19.6k Golang : How to run your code only once with sync.Once object
+22.8k Golang : Read a file into an array or slice example