SSL chain verification problems

apache-2.2 godaddy ssl

I've installed a new SSL certificate using SHA2 hashing instead of SHA1. My chain checks out using these online verifiers:

However this one tells me it can't find the Root CA:

How do I fix this?

Edit: Derp, here's the URL: secure.symt.us

This is on Apache2 on CentOS.

I have followed GoDaddy's setup instructions to the letter and restarted the server.

Edit 2, apache vhost conf:

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2.crt

==== [SOLVED] ====

The problem turned out to be that my vhost was defined as <VirtualHost *:443>. Changing it to the server's IP address <VirtualHost xx.xx.xx.xx:443> fixed it.

There was a catch-all default <VirtualHost _default_:443> albeit without an SSLCertificateChainFile directive. Grepping /etc/httpd for SSLCertificateChainFile returned only my directive.

Perhaps Apache has its own default SSLCertificateChainFile internally and refused to send mine when configured as *:443?

Best Answer

You're missing the certificate chain. Follow GoDaddy's instructions and make sure you install their intermediate certificates (commonly called a chain, or a bundle as well).

GoDaddy supports Internet Censorship. You should seriously reconsider funding them. Especially when you can get SSL Certificates for Free.


For Apache 2.2.x, you need all three of the following (for a standard configuration):

SSLCertificateFile /path/to/public/key_file
SSLCertificateKeyFile /path/to/private/key_file
SSLCertificateChainFile /path/to/chain/file

You're likely missing that last one.
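
An added example (not from the original post, the answer, or Apache's own tooling): a small Python audit that flags the two conditions reported in the question's solved note, an SSL vhost with no SSLCertificateChainFile and more than one wildcard (`*` or `_default_`) vhost on the same port. The sample config is constructed, and the `localhost.*` paths in it are hypothetical.

```python
import re

# Constructed sample mirroring the question's layout; localhost.* paths are hypothetical.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
WILDCARDS = {"*", "_default_"}

def parse_vhosts(conf):
    """Return [(address_spec, {directive_lowercase: value})] for each vhost block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
        vhosts.append((addr.strip(), directives))
    return vhosts

def audit(conf):
    """List SSL vhosts lacking a chain file and wildcard vhosts sharing a port."""
    ssl = [(a, d) for a, d in parse_vhosts(conf) if d.get("sslengine", "").lower() == "on"]
    findings = [f"{a}: SSL vhost has no SSLCertificateChainFile"
                for a, d in ssl if "sslcertificatechainfile" not in d]
    by_port = {}
    for addr, _ in ssl:
        for spec in addr.split():          # a vhost may list several addr:port specs
            host, _, port = spec.rpartition(":")
            if host in WILDCARDS:
                by_port.setdefault(port, []).append(spec)
    for port, specs in by_port.items():
        if len(specs) > 1:
            findings.append(f"port {port}: overlapping wildcard vhosts {specs}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Running it against the directory's concatenated `*.conf` files before a restart shows at a glance which vhost blocks compete for port 443 and which of them would present a leaf certificate without intermediates.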