SSL : The certificate is not trusted because no issuer chain was provided



Tags : ssl

Problem :

While installing SSL for my nginx server today. Firefox decided to issue warning about the new SSL certificates but not Chrome, Safari, IE, etc.

 www.domain.com uses an invalid security certificate.
 The certificate is not trusted because no issuer chain was provided.
 (Error code: sec_error_unknown_issuer)

Firefox is complaining about the security certificate invalidity because there is no issuer chain ? Now, what the heck is no issuer chain ?

Diagnostic :

Apparently, when I activated SSL, my certificate provider did supplied me with all the required files; however, during installation.... I only use this crt file in the nginx configuration

ssl_certificate /usr/ssl/domain.crt;

Solution :

Need to combine all the given crt files into a bundle with the cat command

 cat domain.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

then change the nginx's SSL configuration to :

ssl_certificate /usr/ssl/ssl-bundle.crt;

restart nginx server and voila! Firefox no longer issue warning message.

You can test out if the chain certificate is working or not with http://www.sslshopper.com/ssl-checker.html

If everything is fine, you should see all green arrows connecting the chain icons pointing downward.

Reference :

Good read on this subject at http://www.sslshopper.com/ssl-certificate-not-trusted-error.html

  See also : nginx: [emerg] unknown directive "ssl"



Tags : ssl

By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.


Advertisement