ssl certificate is not working in Firefox and IE

Digital Certificates SSL Certificate
1

Hello everybody,

I bought a certificate called positivessl.

I created .crt and .key files, submit the .crt file in tothe activating form, I fill out the web name indarceky.sk and successfuly setup the apache configuration to run ssl on my domain.

the website address is https://indarceky.sk

if you visit my website via google chrome, everything is good. But firefox is unable to open my website and IE shows error about untrusted certificate.

The seller of certificate told me there is something wrong in my configguration. It is my own server runing debian and apache.

Can anybody help what todo? I wrote with support, googling for a hourses, tried to disable ssl3 but nothing help me. Many thank you for anything.

This is my .conf file

<VirtualHost *:443>
ServerAdmin admin@projectx2.biz
DocumentRoot /server/web/indarceky.sk/htdocs/www
ServerName indarceky.sk
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/indarceky.key
SSLCertificateFile /etc/apache2/ssl/indarceky_sk.crt
SSLCertificateChainFile /etc/apache2/ssl/indarceky_sk.ca-bundle
SSLProtocol All -SSLv2 -SSLv3

2

Where did you obtain the ‘SSLCertificateChainFile’ from as it would appear the certificates in it are out of order…

It looks like this (when presented by the server):

Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=indarceky.sk
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority

When it should look like this…

Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=indarceky.sk
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

3

Hello,

firstly let me say thank you for your message.

I checked the tutorials where was written, to optain a SSLCertificateChainFile file, copy and paste all the .crt documents you receive in e-mail from ssl authority. Of course without the main certificate file. and later, the livechat support gave me another file I tried but still no success.

This is the second edition of SSLCertificateChainFile i have:
http://indarceky.sk/indarceky_sk.ca-bundle.txt

Okay so at this time I change this file and restart apache. Still no chance to work. I am so worried… Please do you know what I can do with this problem?

4

As far as I can see everything is A OK with the certificate.

https://sslanalyzer.comodoca.com/?url=indarceky.sk

5

Chrome 40+ can not open https://indarceky.sk as Chrome now does not support SSL 3, just like Firefox 34+. You need to enable TLS (1.0, 1.1, 1.2).

There are also some other issues: SSL Server Test: indarceky.sk (Powered by Qualys SSL Labs)