So, I got the ssl installed after importing the pem file in order (my crt, main ca and 2nd ca), but it shows that I have a broken chain in the SSL cert. Not sure what to do now since the key matches the crt for the server and it half works. This is the error I get:
https://www.sslshopper.com/ssl-checker.html#hostname=someonechat.me
Any Ideas?
Hi Chris,
After doing a quick look at your cert, it appears that you may have an intermediate that isn't needed and is causing trust issues in the chain:
My-MacBook-Pro:~ dmaye$ openssl s_client -connect someonechat.me:443
CONNECTED(00000003)
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Since you have two intermediates, you should try to remove one of them (keeping the primary and one intermediate) and import that into Server and see if that does the trick. If that doesn't work, check with your SSL provider and see what intermediate should be used with your primary cert.
As always, snapshot your instance before making changes and reboot the instance after importing the cert.
Cheers,
-David
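The s_client output quoted above can be checked mechanically: each certificate's issuer (i:) should equal the subject (s:) of the next certificate the server sends. The following is an added example, not part of the original posts; parse_chain, find_breaks and SAMPLE are names assumed for illustration, and the chain text is copied from the output in the reply.

```python
import re

# "Certificate chain" section copied from the s_client output quoted in the reply above.
SAMPLE = """\
Certificate chain
 0 s:/OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
"""

def parse_chain(text):
    """Return [(depth, subject, issuer)] from the 'Certificate chain' section."""
    chain, in_chain, current = [], False, None
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
            continue
        if not in_chain:
            continue          # skip CONNECTED / verify lines before the section
        if line.startswith("---"):
            break             # end of the chain section
        m = re.match(r"\s*(\d+) s:(.*)$", line)
        if m:
            current = [int(m.group(1)), m.group(2).strip(), None]
            chain.append(current)
            continue
        m = re.match(r"\s*i:(.*)$", line)
        if m and current is not None:
            current[2] = m.group(1).strip()
    return [tuple(c) for c in chain]

def find_breaks(chain):
    """List links where a certificate's issuer is not the next certificate's subject."""
    # Name comparison only: this finds a wrong or misordered intermediate,
    # it does not verify signatures or trust anchors.
    breaks = []
    for (d, _subj, issuer), (nd, nsubj, _ni) in zip(chain, chain[1:]):
        if issuer != nsubj:
            breaks.append((d, issuer, nd, nsubj))
    return breaks

if __name__ == "__main__":
    for d, issuer, nd, nsubj in find_breaks(parse_chain(SAMPLE)):
        print(f"cert {d} was issued by {issuer!r}, but cert {nd} is {nsubj!r}")
```

On the quoted chain this reports a single break between certificates 0 and 1: the server certificate names "RapidSSL SHA256 CA - G3" as its issuer, while the first intermediate sent is "RapidSSL CA".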