4

I installed a GoDaddy SSL onto a virtual server using Plesk. GoDaddy mentioned that I would have to install an "intermediate" certificate in addition to the normal one.

I thought that the "intermediate" certificate is all that I would need to make browsers recognize the SSL, but when I type in my site with https:// in front of it, Chrome, Firefox, and IE all give a warning about how the SSL is not trusted.

GoDaddy said that the intermediate was called gd_bundle.crt and that it needed to be placed in the CA certificate field. I did this, and I also installed what I believe to be the normal SSL in the certificate field.

Anyway, I'm still getting the warning on all 3 browsers. Any idea what I can do to avoid getting the warnings?

Thanks in advance,

John

John
  • 257
  • 3
  • 5
  • 8

3 Answers3

3

You shouldn't put an intermediate certificate in the CA Certificate field, that'll break your certificate trust chain.

The intermediate certificate should be appended in the .crt file for your cert BEFORE your actual certificate in order to respect the chain, so both should be in one file and show in order.

lynxman
  • 9,157
  • 3
  • 24
  • 28
  • 1
    before or after depends on the actual server. on nginx the bundle must come after the site cert: http://nginx.org/en/docs/http/configuring_https_servers.html#chains – Attila Lendvai Apr 13 '14 at 08:38
2

Check the site at http://www.sslshopper.com/ssl-checker.html to make sure it is giving out the Intermediate certificates. If it is not, try following the guide for installing SSL certs in Plesk: http://download1.swsoft.com/Plesk/Plesk8.1/Doc/plesk-8.1-unix-administrators-guide/

Robert
  • 1,575
  • 7
  • 7
1

You don't mention what web server you are using.

With Apache you use the SSLCertificateChainFile directive e.g.

SSLCertificateChainFile /etc/httpd/certs/gd_bundle.crt
hellomynameisjoel
  • 2,170
  • 1
  • 18
  • 23
  • I'm facing this issue too. Some visitors to my website https://www.matiasmasso.es are reporting they see my GoDaddy SSL certificate as untrusted on Google Chrome, while some others see it trusted. Web server is Microsoft IIS 10.0 and I checked it successfully on http://www.sslshopper.com/ssl-checker.html . Any clues about what is happening? – Matias Masso May 11 '20 at 11:06