I’m hoping you can help me with my PositiveSSL certificate issues on my ubuntu / apache server. Some browsers work ok and others like Firefox on Android do not like it and give a warning.
I’ve installed the certificates but when I do an SSL check the results always show a problem with the certificate chain.
The email I received from Comodo had a domain.ca-bundle file and domain.crt file.
Inside the domain.ca-bundle file it appears to have the PositiveSSLCA.crt stacked on top of the UTNAddTrustServerCA.crt. I get the impression from everything I’ve read there needs to be more to it than just these to certificates…?
I don’t think there is anything wrong with my virtual host setup…
SSLEngine on
SSLCACertificatePath /etc/apache2/sslcerts/
SSLCertificateKeyFile /etc/apache2/sslcerts/domain.key
SSLCertificateFile /etc/apache2/sslcerts/domain.crt
SSLCertificateChainFile /etc/apache2/sslcerts/domain.ca-bundle
When I use, openssl s_client -showcerts -connect domain.com:443, only the first certificate in the certificate chain shows.
I’ve read about the order the certificates are suppose to be in and how to create a .ca-bundle in the instructions, but I must be missing something in the order or the setup in general. Thanks for your help.