how do i install intermediate certificate

Posted by getmizanur on Server Fault See other posts from Server Fault or by getmizanur
Published on 2012-05-30T04:47:58Z Indexed on 2012/06/03 22:42 UTC
Read the original article Hit count: 261

Filed under:
|
|

I have installed private key (pem encoded) and public key certificate (pem encoded) on amazon load balancer however when i check the ssl with site test tool (http://www.networking4all.com/en/support/tools/site+check/), i get the following error

Error while checking the SSL Certificate!! Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.

i converted crt file to pem using these command from this tutorial

openssl x509 -in input.crt -out input.der -outform DER
openssl x509 -in input.der -inform DER -out output.pem -outform PEM

during setting up of amazon load balancer only option i left out was certificate chain (pem encoded) however this was optional. could this be cause of my issue? and if so i how do i create certificate chain? for the last question i have tried googling however i'm getting more confused than before.

please help

many thanks in advance.

UPDATE

@all thanks for the helpful advice. if you make request to verisign they will give you a certificate chain however this chain includes public crt, intermediate crt and root crt. make sure to remove the public crt from your certificate chain (which is the top most certificate) before adding it to your certification chain box of your amazon load balancer.

if you are making https request from an android app then above instruction may not work for older android os such as 2.1 and 2.2. to make it work on older android os [https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=LIST&viewlocale=en_US]. on this link click on "retail ssl" tab and then click on "secure site" > "CA Bundle for Apache Server". copy and past these intermediate certs into certificate chain box. just incase if you have not found it here is the direct link [https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1409]

if you are using geo trust certificates then solution is much the same for android devices however you need to copy and past their intermediate certs for android.

PS: sorry for the long urls however "new users can only post a maximum of two hyperlinks"

© Server Fault or respective owner

Related posts about amazon-ec2

Related posts about ssl