I have a wildcard certificate and got it signed by AlphaSSL. I followed the steps from here: http://nginx.org/en/docs/http/configuring_https_servers.html#chains to set it up on my nginx server which is used as a reverse proxy for multiple web sites and applications.
At the moment it is only set up on my Joomla website – https://www.webbsc.at
It works fine on Windows IE 11 and Windows Chrome. It is failing on Windows Firefox, Mac OS X with any browser and Android Chrome. I didn't have the chance to try it out with other browsers / OS so far.
Firefox says that it cannot identify the issuer (sec_error_unknown_issuer) but I have added the intermediate certificate. Also Chrome in Windows can show me the correct certification hierarchy, while Firefox only shows my certificate.
What am I missing here?
Update:
Configurations for the certificate I've tried so far:
- my-cert, intermediate
- my-cert, intermediate, root
- my-cert, root, intermediate
all three work in IE, Chrome in Windows, none work in any other browser
When I've tried a different intermediate certificate it didn't work in Windows anymore either, so it should be the correct intermediate one.
Once again – when I open the Firefox or Mac OS X details about the certificate I can't see the intermediate + root certificate in the hierarchy. In Windows I see them, as well as on the Websites for testing SSL (provided by the first answer)
Solution:
As you can read in the comments of the answer, I had a wrong intermediate certificate which somehow worked better than other the other wrong certificate I tried.
Best Answer
It seems that there is something wrong with the intermediate certificate . If you verify your certificate using tools from SSLShopper or SSLLabs , both are returning errors in the certificate chain.