SSL – Unable to get StartSSL trust chain to work

haproxy, ssl, ssl-certificate

I received a free SSL certificate from StartSSL which I installed on my server. It works fine on desktop browsers and such but as soon as I open the website on my phone it says "NET::ERR_CERT_AUTHORITY_INVALID".

When I test my site on different SSL checkers they all say my trust chain is incomplete or my Intermediate certificates are missing.

My site runs on a HAProxy load balancer with two backend servers. I concatenated my certificate with the private key and placed it in the configuration of HAProxy, but I have no idea how to configure it so it also includes the Intermediate certificates.

Best Answer

StartSSL splits their certificate distributions into sub-packages for use with the common server setups - IIS, Apache and Nginx - each simply contains the common naming scheme and appropriate intermediate certificate bundling.

The package OtherServer.zip has the individual certificates separated as individual files: the intermediate, your issued cert, and a root cert (which you shouldn't need). If you have used this package, the Intermediate Certificate 1_Intermediate.crt needs to be concatenated to your issued certificate to complete the chain.

The concatenation step has already been taken for the Nginx package, and using that would be the fastest solution.
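
The concatenation described in the answer, scripted for the HAProxy setup in the question with two checks before the file is written. This is an added example, not part of the original answer; it assumes the `openssl` command-line tool is installed, and every file name except `1_Intermediate.crt` is a placeholder.

```shell
#!/bin/sh
# Build the single PEM file that HAProxy's `crt` setting loads.
# Arguments (placeholders): issued cert, intermediate cert, private key, output path.
build_haproxy_pem() {
    leaf=$1; intermediate=$2; key=$3; out=$4

    # The private key must belong to the issued certificate.
    cert_pub=$(openssl x509 -in "$leaf" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match $leaf" >&2; return 1
    fi

    # The intermediate must have signed the issued certificate. -partial_chain
    # lets verification stop at the intermediate, so no root file is needed.
    if ! openssl verify -partial_chain -CAfile "$intermediate" "$leaf" >/dev/null 2>&1; then
        echo "$leaf does not verify against $intermediate" >&2; return 1
    fi

    # Order: issued certificate, intermediate, key. Re-emitting the certificates
    # through openssl guarantees a newline between PEM blocks, which plain `cat`
    # does not when a file lacks a trailing newline.
    ( umask 077
      { openssl x509 -in "$leaf"; openssl x509 -in "$intermediate"; cat "$key"; } > "$out" )
}

# Number of certificates in a bundle; 1 means the intermediate is still missing.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Constructed test material (not StartSSL's): a throwaway issuing CA that stands
# in for the intermediate, plus a certificate it signs for example.test.
make_constructed_chain() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Intermediate" \
        -keyout "$dir/ca.key" -out "$dir/1_Intermediate.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$dir/site.key" -out "$dir/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/site.csr" -days 1 -set_serial 1 \
        -CA "$dir/1_Intermediate.crt" -CAkey "$dir/ca.key" -out "$dir/site.crt" 2>/dev/null
}
```

Running `count_certs` on the file HAProxy currently loads shows whether the intermediate is present; a result of 1 matches the "incomplete chain" reports from the SSL checkers.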