SSL Issue - Broken Chain

So, I got the ssl installed after importing the pem file in order (my crt, main ca and 2nd ca), but it shows that I have a broken chain in the SSL cert.  Not sure what to do now since the key matches the crt for the server and it half works.  This is the error I get:

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.

https://www.sslshopper.com/ssl-checker.html#hostname=someonechat.me

 

https://someonechat.me/

 

Any Ideas?

1 answer

0 vote
David Maye Atlassian Team Feb 24, 2015

Hi Chris,

After doing a quick look at your cert, it appears that you may have an intermediate that isn't needed and causing trust issues in the chain:

 

 

My-MacBook-Pro:~ dmaye$ openssl s_client -connect someonechat.me:443
CONNECTED(00000003)
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---

Since you have two intermediates, you should try to remove one of them (keeping the primary and one intermediate) and import that into Server and see if that does the trick. If that doesn't work, check with your SSL provider and see what intermediate should be used with your primary cert.

As always, snap shot your instance before making changes and reboot the instance after importing the cert.

Cheers,
-David

 

 

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Jun 19, 2018 in Hipchat

Moving from Hipchat to Stride? Here’s what you’ll love

Heya, Hipchat friends! We’re so happy you’re checking out   Stride. Whether you know it or not, you have been instrumental in making Stride come to life. Every feature, design, and functionality...

17,413 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you