Installing intermediate CA in Debian

ssl-certificate

The SSL tester at sslcheck.globalsign.com says:

Server configuration does not include all intermediate certificates

I found this page:
http://yob.id.au/2013/02/06/trusting-new-ssl-certificates-in-debian.html
and they say I should do the following:
1.Open the affected domain in a browser and view the intermediate certificate
2.Export the certificate to a file with a .crt extension
3.Copy the file to your Debian box and place it in /usr/local/share/ca-certificates
4.As root, run update-ca-certificates

It said:

Updating certificates in /etc/ssl/certs… 1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d….done.

I did it, but it still isn't working. What should I do?

By the way, sometimes I can read (just like in the example above) that I should put certificates into /usr/local/share/ca-certificates, other times that I should put them to /etc/ssl/certs, so what is the correct location?

Best Answer

Inside your apache's config files, search for this directive: SSLCertificateChainFile (if apache version 2.4.7 or lower) or SSLCertificateFile (if apache version 2.4.8 or higher)

The file pointed in that directive must contain the server certificate, followed by the issuer CA (and the issuer's issuer CA, and so on). It should look like this:

Being the first certificate the server's, the second the intermediate CA's, etc.

Best Answer

Related Solutions

Ssl – Installing SSL Certificate for use in IIS7, installation “works”, but cert listing disappears

Ssl – How to install multiple Intermediate CA Certificate files on Apache

Related Topic