It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SSL Issue - Broken Chain

So, I got the ssl installed after importing the pem file in order (my crt, main ca and 2nd ca), but it shows that I have a broken chain in the SSL cert.  Not sure what to do now since the key matches the crt for the server and it half works.  This is the error I get:

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.

https://www.sslshopper.com/ssl-checker.html#hostname=someonechat.me

 

https://someonechat.me/

 

Any Ideas?

1 answer

0 votes
David Maye Atlassian Team Feb 24, 2015

Hi Chris,

After doing a quick look at your cert, it appears that you may have an intermediate that isn't needed and causing trust issues in the chain:

 

 

My-MacBook-Pro:~ dmaye$ openssl s_client -connect someonechat.me:443
CONNECTED(00000003)
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---

Since you have two intermediates, you should try to remove one of them (keeping the primary and one intermediate) and import that into Server and see if that does the trick. If that doesn't work, check with your SSL provider and see what intermediate should be used with your primary cert.

As always, snap shot your instance before making changes and reboot the instance after importing the cert.

Cheers,
-David

 

 

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Nov 14, 2018 in Hipchat Cloud

Hipchat Cloud and Stride have reached End of Life (updated)

All good things come to an end - thanks to all our customers and partners who have been along the Hipchat and Stride journey with us.  As of Feb 15th 2019, Hipchat Cloud and Stride have reached ...

32,921 views 7 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you