SSL Issue - Broken Chain

So, I got the ssl installed after importing the pem file in order (my crt, main ca and 2nd ca), but it shows that I have a broken chain in the SSL cert.  Not sure what to do now since the key matches the crt for the server and it half works.  This is the error I get:

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.

https://www.sslshopper.com/ssl-checker.html#hostname=someonechat.me

 

https://someonechat.me/

 

Any Ideas?

1 answer

0 votes
David Maye Atlassian Team Feb 24, 2015

Hi Chris,

After doing a quick look at your cert, it appears that you may have an intermediate that isn't needed and causing trust issues in the chain:

 

 

My-MacBook-Pro:~ dmaye$ openssl s_client -connect someonechat.me:443
CONNECTED(00000003)
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/OU=GT82123503/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=someonechat.me
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---

Since you have two intermediates, you should try to remove one of them (keeping the primary and one intermediate) and import that into Server and see if that does the trick. If that doesn't work, check with your SSL provider and see what intermediate should be used with your primary cert.

As always, snap shot your instance before making changes and reboot the instance after importing the cert.

Cheers,
-David

 

 

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 10, 2018 in Hipchat

What should I think about when migrating HipChat to Slack?

...from the beginning. We have built up a lot of content in HipChat, with it being a core tool in our distributed company model. While it is true that we didn’t need to move to Slack immediately, we felt it...

593 views 2 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you