sec_error_unknown_issuer for SSL Cert

[inferencia]

Hello guys,

We purchase SSL Certs from Enom (SBS Instant) and for FireFox 3.0.3 we are getting this error:

sec_error_unknown_issuer

And asks me to add an exception before letting me in.

Works fine in IE6 and 7

We have a correct RSA Key and Cert, and also entered the cert in the CA Cert box, and SSL is active for that user.

The user have his own IP , and have other domains assigned to that user.

Any suggestions ?

 

[nobaloney]

SBS Instant is a cheap Comodo Certificate and it requires an additional CA Certificate, which they should have sent you and which you indicate you've installed.

Because you didn't post your domain name it's impossible to troubleshoot the issue.

But it could be an issue where the certificate install didn't finish properly; IE6 and IE7 may have the root certificate and no longer need the CA certificate. Without the complete domain name/url it's really impossible to troubleshoot this further.

Jeff

 

[inferencia]

Hi Jeff,

Thanks for your response.

https://tupuja.es

I used the same certificate that was sent via email in the CA box. Is that not correct then ?

I've never gotten anything but one Certificate from them.

Looks like this :

-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIRAM/3W1rOZYGes/kk9TqEe+gwDQYJKoZIhvcNAQEFBQAw
XDELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHlNlY3VyZSBCdXNpbmVzcyBTZXJ2aWNl
cywgSW5jLjEkMCIGA1UEAxMbU2VjdXJlIEJ1c2luZXNzIFNlcnZpY2VzIENBMB4X
DTA4MTAyMDAwMDAwMFoXDTA5MTAyMDIzNTk1OVowgYAxITAfBgNVBAsTGERvbWFp
biBDb250cm9sIFZhbGlkYXRlZDEtMCsGA1UECxMkUHJvdmlkZWQgYnkgU2VjdXJl
IEJ1c2luZXNzIFNlcnZpY2VzMRQwEgYDVQQLEwtTQlMgSW5zdGFudDEWMBQGA1UE
AxMNd3d3LnR1cHVqYS5lczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7WF
ZIAYb4QgEBBAQDAgbAMF0GA1Ud
IARWMFQwUgYLKwYBBAGyMQECAgowQzBBBggrBgEFBQcCARY1aHR0cHM6Ly93d3cu
c2VjdXJlYnVzaW5lc3NzZXJ2aWNlcy5jb20vcmVwb3NpdG9yeS9DUFMwgaQGA1Ud
HwSBnDCBmTBKoEigRoZEaHR0cDovL2NybC5zZWN1cmVidXNpbmVzc3NlcnZpY2Vz
LmNvbS9TZWN1cmVCdXNpbmVzc1NlcnZpY2VzQ0FfMi5jcmwwS6BJoEeGRWh0dHA6
Ly9jcmwyLnNlY3VyZWJ1c2luZXNzc2VydmljZXMuY29tL1NlY3VyZUJ1c2luZXNz
U2VydmljZXNDQV8yLmNybDCBtQYIKwYBBQUHAQEEgagwgaUwUAYIKwYBBQUHMAKG
RGh0dHA6Ly9jcnQuc2VjdXJlYnVzaW5lc3NzZXJ2aWNlcy5jb20vU2VjdXJlQnVz
aW5lc3NTZXJ2aWNlc0NBXzIuY3J0MFEGCCsGAQUFBzAChkVodHRwOi8vY3J0Mi5z
ZWN1cmVidXNpbmVzc3NlcnZpY2VzLmNvbS9TZWN1cmVCdXNpbmVzc1NlcnZpY2Vz
Q0FfMi5jcnQwIwYDVR0RBBwwGoINd3d3LnR1cHVqYS5lc4IJdHVwdWphLmVzMA0G
CSqGSIb3DQEBBQUAA4IBAQAQ6qgnxdHzIrsWQsBroI0XbDT6nplh1UaHZd6ZCnhp
yqQookXwQiwJ5R2gKp3U+4IVbHXohGJq45GguHqIyc4orMY3ul3UvIWU6Tm4EGuw
cm6FKrbpxcDm/380d184gj8mSSLjaz3aSqh3WujUO76mdx1TxZ8WAEnG/CbtvDPp
QhCWmxy+Z+en2Dyd/GFTOMYjBxZGwVJfhUmRzk2PqEka42EwHhRKOQanvCN6cUSB
a9c8di2pGsDaHhjsjXIXTrGeHwSmxU6dMzmhPyJetyMyN/5mU3waZR4mwuoo0bHq
8FwuR1JjBsiOYljBg+G2HKRDqZVTjWf2KMksOZKmLF9P
-----END CERTIFICATE-----

 

[nobaloney]

That's the main certificate. You also need what they call the chain certificate. For more information look here but remember that you're going to install it in the DirectAdmin control panel, not as they explain.

Jeff

 

[inferencia]

Excellent Jeff !

I should have read up them first, I suppose ! Was not aware this even existed

Reading up on it now

Thanks my friend ! Hope you're well.

 

[inferencia]

You DA MAN !!

https://tupuja.es/

thanks a million !

 

[nobaloney]

You DA MAN !!

Actually, I'm one of DA GURUS. That's the future location of the new wiki. Note it doesn't run yet; I think the error has something to do with changing from PHP4 as a module to PHP5 as a CGI. I'll figure it out if I ever have the time .

Jeff

 

[inferencia]

Oh sure,.. you might be a Da Guru,

But ,.. for me,. YOU DA MAN

Thanks !! I?ll be checking it out now and then and soon try to participate as well.

Cheers !

 

[Paragon]

Taking it up a bit, I have the same issue though following the steps in that website didn't do the trick for me,
The SSLCACertificateFile in the domain httpd.conf is pointing a ca-bundle that we got from COMDO, but still not working
can anyone try and have a look?
the domain name is www.mycompage.com
Thanks in advance,
Elad!

 

[nobaloney]

The Comodo chain certificate isn't properly installed. I really can't see why from here .

Jeff

 

[Paragon]

Problem was fixed for me,
There seems to be a bug in DA when trying to add chain cert to server shaerd IP from unknown reanson,
Reported by mail
Thanks for all of your help!
Elad!

 

[madman1133]

Jeff Please Help!

Hey Jeff,

Thanks for the information. You posted
"That's the main certificate. You also need what they call the chain certificate. For more information look here but remember that you're going to install it in the DirectAdmin control panel, not as they explain."

How do I install the chain certificate in the "DirectAdmin control penel"? I don't see any place in DirectAdmin control panel to specify the chain certificate. I tried following the DirectAdmin instructions and putting it in the directadmin.conf file but that just causes FireFox to lock up.

Please help I'm soooo STUCK!

Thanks in advance
Donny

 

[nobaloney]

Are you writing about the Certificate for the Control Panel? If so, then I can honestly say I use the published instructions all the time, and they do work.

Or are you writing about a domain in it's own account with it's own IP#?

If so, then whatever you did in the DirectAdmin conf file you should probably undo; it's only for running the control panel, not any sites. I write probably because you didn't give us enough information and it's impossible to check anything.

Did you create a new user for the domain? And give it it's own IP#?

Presuming yes then you should look at the instructions here; search in the returned page for Step 4: Install the CA Root Certificate.

If it's the server domain for the DirectAdmin control panel, then you should set SSL=1 in the DirectAdmin control panel and follow the instructions here.

Jeff