• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Unexpected behavior with intermediate certificate

plidp

New Pleskian
Hi,
I've just got stuck installing a new SSL Certificate on my virtual server.
In the Plesk 12 page I uploaded the certificate and Intermediate CA + GeoTrust Global CA; they all show up correctly and I got a confirmation green message.
On Chrome there's no problem, but on Firefox it says sec_error_unknown_issuer.

I discovered that the webserver seems to be refusing to provide additional certificates: trying to connect to the server using the command "openssl s_client" returns "No client certificate CA names sent"; even Qualsys SSL Labs test says that the chain is incomplete and only one (the one relative to my CN) certificate is actually provided, despite the intermediate showing up in the Plesk page.

I don't understand why this unexpected behavior and I need to fix it urgently.
Could you help me?

Thanks a lot
 
Hi, I'm not sure if you've figured this out. I've had a few certificates that were renewed that work great in some browsers (chrome) but not others (firefox). This is due to an older chain certificate retained on renewed certificates; as a result, I found (with GeoTrust certificates) you need to run their checker:

https://cryptoreport.geotrust.com/checker/

Then download and install the chain identified after the checker completes.

Regards.
 
Back
Top