SSL - CA Bundle invalid

pranalee · October 13, 2007, 5:09pm

Hello,
I’m installing SSL certificate (PremiumSSL) for my client, but the server (CPanel/WHM) is refusing CA Bundle when I try installing it. This cause problems with Google Checkout.

The error looks like this:

Verifcation Result [/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware error 2 at 1 depth lookup:unable to get issuer certificate]

Anybody knows what I did wrong?

garry · October 15, 2007, 10:51am

Hi,

I am sure the technical support team have an answer for this.

Please submit a ticket with all details at http://support.comodo.com

Garry

pranalee · October 24, 2007, 1:54am

My client got a reply from the tech support but they just gave her the same certificate. Same error occured in my server.

The CRT installs fine, only the CA BUNDLE that is problematic

Hardware error 2 at 1 depth lookup: unable to get issuer certificate – what does this mean?

Anybody else had the same problem? I tried googling for this error and only found this very thread.

garry · October 24, 2007, 9:03am

Hi,

The error means that the site certificate cannot chain back to a trusted root.

So, this suggests that the web server is either not using the CABundle file, or the one that is being used is not the one we sent with the site certificate.
Please do not use any other bundle file as the certificates are in a specific order from intermediate to root in the bundle file we provide.

So, please continue to weork with the support team to resolve this issue.

Garry

camelothost · November 11, 2007, 3:27pm

Actually I have been complaining about this for months,
and was sent a new ca bundle and told to use it,

well now when I do I no longer get the hardware error, ( which we only started getting about 6 months ago )

but when I run an ssl Level3 debug test I get very ugly errors

openssl s_client -host xxx.xxx.xxx.xxx -port 2083 -verify -debug -ssl3
verify depth is 0
CONNECTED(00000003)
depth=1 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
verify error:num=20:unable to get local issuer certificate
verify return:0
16755:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:

Please do not start blaming the users, especially the ones that have paid you over 20 grand in the last 2 years ( actually 1 1/2 years )

I posted my first ticket on this ( RGX-943044 ) back on July 18th and was sent a new ca bundle

and then on

Sept 14th ( KAP-960677 ) I created another ticket, Its still on hold by the way )
and this is the reply I got

hi,

I have forwarded this to the developers to look into for future inplementation.

I replied back on Oct 24th , reason, I still had not heard anything,
its now November 11 and STILL no response,

and the new twist is that I cant disable sslv2 cause of the errors caused by your certs

camelothost · November 11, 2007, 3:29pm

One more thing,

the errors are using the bundle that came with the crt