0

I have another question where I ask about an SSL problem I'm having. One commenter asked, "Are the root CA and intermediate CA also in place?"

I understand that CA stands for Certificate Authority, and I have a vague understanding of what a root CA and intermediate CA are. What I'm totally clueless about is how I can tell for sure if the root CA (and intermediate CA) are in place. How can I tell?

Community
  • 1
Jason Swett
  • 1,458
  • 4
  • 23
  • 37
  • SSL Shopper have a test utility here - http://www.sslshopper.com/ssl-checker.html - you put in your website address, and it checks the SSL certificate chain and says if it's setup properly or not, and where it's broken. – TessellatingHeckler Mar 16 '14 at 15:41

1 Answers1

0

In Apache2 configuration certificates are installed with these directives:

SSLCertificateKeyFile - Private key for certificate SSLCertificateFile - Server certificate file SSLCertificateChainFile - Intermediate and root certificate chain file.

If you use the two first ones and don't have the last one defined, you don't have root / intermediate CAs installed.

If your certificate is installed using SSLCACertificateFile directive, then your server certificate and intermediate / root certificates must be concatenated into the file specified in the directive.

In nginx, the ssl_certificate directive should contain the file name containing a concatenated list of server certificate + intermediate / root certificates.

Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
  • Hmm. What I've done so far is to purchase a professionally signed SSL certificate from DreamHost, and I can't yet install the certificate on my server (Heroku) due to the problems I'm having. So do these things you're mentioning still apply? – Jason Swett Mar 16 '14 at 13:20
  • Yes. You need to check with Heroku in what format it needs the certificate in order for it to contain all the needed certificates. You can get the root / intermediate certificates from DreamHost. – Tero Kilkanen Mar 16 '14 at 14:05
  • Okay, thanks. I did successfully put SSL on a Heroku site once before and I used the format of root certificate concatenated with intermediate certificate. So I think that answers that question. I'm still unclear on the answer to my original question of how to tell whether the root CA is "in place". – Jason Swett Mar 16 '14 at 14:37