Firefox does not load certificate chain
Posted
by
TimWolla
on Server Fault
See other posts from Server Fault
or by TimWolla
Published on 2012-01-03T21:16:39Z
Indexed on
2012/12/15
5:09 UTC
Read the original article
Hit count: 527
I'm running lighttpd/1.4.28 (ssl)
on Debian Squeeze. I just created a http://startssl.com certificate, I runs fine at all of my Browsers (Firefox, Chrome, Opera), but my users are reporting certificate-errors in Firefox. I already nailed it down to a failing of loading of the certificate chain:
Certificate at my Firefox: http://i.stack.imgur.com/moR5x.png
Certificate at others Firefox: http://i.stack.imgur.com/ZVoIu.png (Note the missing StartCOM-certificates here)
I followed this tutorial for embedding the certificate in my lighttpd: https://forum.startcom.org/viewtopic.php?t=719
The relevant parts of my lighttpd.conf look like this:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.ca-file = "/etc/lighttpd/certs/ca-bundle.pem"
ssl.pemfile = "/etc/lighttpd/certs/www.bisaboard.crt"
}
ca-bundle.pem was created like this: cat ca.pem sub.class1.server.ca.pem > ca-bundle.pem
I grabbed the relevant files from here: http://www.startssl.com/certs/
www.bisaboard.crt was created like this: cat certificate.pem ssl.key > www.bisaboard.crt
Where certificate.pem is my StartSSL-Class1 Certificate and ssl.key my SSL-Root-Key.
Do you have any idea why the second Firefox does not correctly load the certificate-chain?
© Server Fault or respective owner