SSL : The certificate is not trusted because no issuer chain was provided
Problem :
While installing SSL for my nginx server today. Firefox decided to issue warning about the new SSL certificates but not Chrome, Safari, IE, etc.
www.domain.com uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
Firefox is complaining about the security certificate invalidity because there is no issuer chain ? Now, what the heck is no issuer chain
?
Diagnostic :
Apparently, when I activated SSL, my certificate provider did supplied me with all the required files; however, during installation.... I only use this crt
file in the nginx configuration
ssl_certificate /usr/ssl/domain.crt;
Solution :
Need to combine all the given crt
files into a bundle with the cat
command
cat domain.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
then change the nginx's SSL configuration to :
ssl_certificate /usr/ssl/ssl-bundle.crt;
restart nginx server and voila! Firefox no longer issue warning message.
You can test out if the chain certificate is working or not with http://www.sslshopper.com/ssl-checker.html
If everything is fine, you should see all green arrows connecting the chain icons pointing downward.
Reference :
Good read on this subject at http://www.sslshopper.com/ssl-certificate-not-trusted-error.html
See also : nginx: [emerg] unknown directive "ssl"
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+6.9k Golang : Regular Expression find string example
+14.9k Golang : Generate QR codes for Google Authenticator App and fix "Cannot interpret QR code" error
+4.9k PHP : How to handle URI or URL with non-ASCII characters such as Chinese/Japanese/Korean(CJK) ?
+4.4k PHP : Hide PHP version information from curl
+12.1k Golang : Date and Time formatting
+5.7k Unix/Linux : How to fix CentOS yum duplicate glibc or device-mapper-libs dependency error?
+6.7k Golang : Ways to recover memory during run time.
+5k Golang : How to write backslash in string?
+6k Golang : Transform lisp or spinal case to Pascal case example
+13.4k Golang : Get URI segments by number and assign as variable example
+14.9k Golang : convert string or integer to big.Int type
+19.2k Golang : Pipe output from one os.Exec(shell command) to another command