Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : ChainedSSL is not accepted by any browser

[null]

After installation of the SSL cert (Cpanel) I always get a message in IE (look at the attached picture)

Is there any configuration that I missed?

Thanks

[hostbox]

You didn't configured it correctly...

[null]

Could you help me to configure it?

What changes should I make?

[trustedurl.com]

Quote:

Originally posted by null
Could you help me to configure it?

What changes should I make?

you probably need to add this to httpd.conf

SSLCACertificateFile /usr/share/ssl/certs/cabundle

(change cabundle to whatever you called it).

SSLCACertificateFile Directive
Description: File of concatenated PEM-encoded CA Certificates for Client Auth
Syntax: SSLCACertificateFile file-path
Context: server config, virtual host
Status: Extension
Module: mod_ssl

This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to SSLCACertificatePath.

Example
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt

[torwill]

or use ssl manager in WHM, copy/paste ca-bundle to the matching column

[null]

Thanks, but where can I get ca-bundle? Could you give me more info on it?

[torwill]

get it from where you got the SSL cert.

freessl: http://www.freessl.com/chainedssl/ch...stallcert.html

[SSL Guru]

In my experience, one thing about CPanel is its inability to locate the correct intermediate certificate to form a chain.

As previously suggested, editing the httpd.conf file directly is always the best method with CPanel.

[null]

Thanks for the link torwill

I edited httpd.conf and it works great!

null

[saint1959]

I am having the same problem with a chainedSSL cert. This is my first time buying a cert from them. If followed all of the instructions above but still have the problem. Is there anything else that needs to be done. I added the SSLCACertificateFile /usr/share/ssl/certs/mycabundle text to httpd.conf but the error remains. I did restart httpd.conf several times and did refresh the browser and then even tried accessing the site via SSL on another computer and still got the popup warning about the cert not being trusted. Any one know of anything else that must be done for the ChainedSSL cert to not show this error to each user? Thanks.