0

I bought an SSL certificate for my domain from GoDaddy.

The following are the contents:

  1. The certificate file
  2. gd_bundle-g2-g1.crt

I have vhost on my Apache 2.2.31 web server. The following is the configuration (httpd.conf):

<VirtualHost X.X.X.X:443>
        SSLEngine on
        SSLCertificateFile [[path_to_certificate]]
        SSLCertificateKeyFile [[path_to_key]]
        SSLCertificateChainFile [[path_to_gd_bundle-g2-g1.crt]]
        ServerName [[domain_nme]]
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / http://localhost:8081/
        ProxyPassReverse / http://localhost:8081/
</VirtualHost>

Its working properly in Google Chrome. In Andriod clients, an java.security.cert.CertPathValidatorException is thrown. It is because of a bad intermediate certificate.

Question:

  1. Is the file gd_bundle-g2-g1.crt that comes with the download the correct one?
  2. If yes, what is the problem with my configuration?

Note: The SSL test at https://www.ssllabs.com/ssltest/index.html also says the chain is incomplete.

Rahim
  • 101
  • 2

1 Answers1

1

You probably need the gdig2.crt listed at the GoDaddy Certificate Repository. It should have also been included in the bundle you downloaded.

Once you have that, and know the root certificate, you can verify it with:

openssl verify -verbose -CAfile <(cat gdroot-g2.crt gdig2.crt) yourcert.crt

If it is ok you should see something like <certname>:OK

Once you've made sure that all works, then you can retry your SSLLabs test.

Hope that helps. =)

Kassandry
  • 639
  • 1
  • 6
  • 15