SSL Issue - Broken Chain

So, I got the ssl installed after importing the pem file in order (my crt, main ca and 2nd ca), but it shows that I have a broken chain in the SSL cert.  Not sure what to do now since the key matches the crt for the server and it half works.  This is the error I get:

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.


Any Ideas?

1 answer

0 vote
David Maye Atlassian Team Feb 24, 2015

Hi Chris,

After doing a quick look at your cert, it appears that you may have an intermediate that isn't needed and causing trust issues in the chain:



My-MacBook-Pro:~ dmaye$ openssl s_client -connect
depth=0 /OU=GT82123503/OU=See (c)15/OU=Domain Control Validated - RapidSSL(R)/
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=GT82123503/OU=See (c)15/OU=Domain Control Validated - RapidSSL(R)/
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=GT82123503/OU=See (c)15/OU=Domain Control Validated - RapidSSL(R)/
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:/OU=GT82123503/OU=See (c)15/OU=Domain Control Validated - RapidSSL(R)/
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

Since you have two intermediates, you should try to remove one of them (keeping the primary and one intermediate) and import that into Server and see if that does the trick. If that doesn't work, check with your SSL provider and see what intermediate should be used with your primary cert.

As always, snap shot your instance before making changes and reboot the instance after importing the cert.




Suggest an answer

Log in or Join to answer
Community showcase
Maarten Cautreels
Published Oct 07, 2017 in Hipchat

Bringing Structure to your HipChat Instance

...have mention name FirstnameLastname. Fe.: @MaartenCautreels This certainly helps to know who is being mentioned in a conversation. Imagine your colleague sends the following message...

467 views 1 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot