Firefox does not load certificate chain

Posted by TimWolla on Server Fault See other posts from Server Fault or by TimWolla
Published on 2012-01-03T21:16:39Z Indexed on 2012/12/15 5:09 UTC
Read the original article Hit count: 527

Filed under:
|
|
|

I'm running lighttpd/1.4.28 (ssl) on Debian Squeeze. I just created a http://startssl.com certificate, I runs fine at all of my Browsers (Firefox, Chrome, Opera), but my users are reporting certificate-errors in Firefox. I already nailed it down to a failing of loading of the certificate chain:

Certificate at my Firefox: http://i.stack.imgur.com/moR5x.png
Certificate at others Firefox: http://i.stack.imgur.com/ZVoIu.png (Note the missing StartCOM-certificates here)

I followed this tutorial for embedding the certificate in my lighttpd: https://forum.startcom.org/viewtopic.php?t=719

The relevant parts of my lighttpd.conf look like this:

$SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.ca-file = "/etc/lighttpd/certs/ca-bundle.pem"
        ssl.pemfile = "/etc/lighttpd/certs/www.bisaboard.crt"
}

ca-bundle.pem was created like this: cat ca.pem sub.class1.server.ca.pem > ca-bundle.pem
I grabbed the relevant files from here: http://www.startssl.com/certs/

www.bisaboard.crt was created like this: cat certificate.pem ssl.key > www.bisaboard.crt
Where certificate.pem is my StartSSL-Class1 Certificate and ssl.key my SSL-Root-Key.

Do you have any idea why the second Firefox does not correctly load the certificate-chain?

© Server Fault or respective owner

Related posts about ssl

Related posts about lighttpd