Hi All!
I want to start with a brief intro: I manage more than 10 dedicated servers and more than 50 VPS all running for my clients and I swear I never had this kind of problems before, I am really well "seasoned" and I know how to manage perfectly Servers and various control panel and... really I don't know, maybe I am tired or maybe I have many things in my head but with one dedicated server I already lost the patience on putting working at 100% two websites with SSL...
So the problem is that in my side everything is working perfectly so if I load this two websites with Safari, Camino, Firefox and Opera the websites are 100% trusted, I asked a friend with a windows PC to make some checks and she neither had problems... all trusted and without issues...
But of every "fairy tale" there's the dark side of the moon... so:
Some clients are experiencing an issue that I cannot understand how to fix because I know I did everything in the correct way. Ah, right... the issue:
Some people receive a message saying that the Website is NOT trusted as it seems that the Chain certificate is not correctly installed... Using various websites to check the SSL status of a Website I get every time this problem:
Common names localsearchtool.org Alternative names localsearchtool.org www.localsearchtool.org Prefix handling Both (with and without WWW) Valid from Tue Nov 22 00:00:00 UTC 2011 Valid until Wed Nov 21 23:59:59 UTC 2012 (expires in 10 months and 15 days) Key RSA / 2048 bits Signature algorithm SHA1withRSA
Server Gated Cryptography No Weak key (Debian) No Issuer PositiveSSL CA Next Issuer UTN-USERFirst-Hardware TRUSTED Chain length (size) 1 (1330 bytes) Chain issues Incomplete <<<<<<<<<<<<<<<<<<< HERE!!!!! Validation type Domain-validated (DV) Revocation information CRL, OCSP Revocation status Good (not revoked) Trusted Yes
So I thought that the problem WAS the issuer, PositiveSSL (Comodo) but the problem is that the same issue is for another website that use a GoDaddy Certificate, same old song: Chain Issue: Incomplete.
So, what I am doing wrong? What I am skipping?? Why only in one server???
This is the configuration:
SSLEngine on SSLCertificateFile /home/xxxxx/ssl.cert SSLCertificateKeyFile /home/xxxxx/ssl.key SSLCACertificateFile /home/xxxxx/PositiveSSL.ca-bundle SSLCertificateChainFile /home/xxxxx/PositiveSSL.ca-bundle
Thanks in advance for your help and sorry of my english and my attitudes on writing long novels instead of a normal post!