Incomplete SSL Chain problem in Firefox

Discussion in 'Security' started by selfuntitled, Jun 8, 2012.

  1. selfuntitled

    I've just rebuilt my server after a disk failure, and mostly things have gone smoothly.

    When I installed the SSL cert for one of my domains, I used the same procedure as with every other SSL cert I've installed. The server auto-detected the key and the CA bundle just fine, and in all browsers except Firefox the cert loads without error.

    For this one site, Firefox reports an invalid certificate chain, and the SSL test at https://www.ssllabs.com/ssltest/index.html reports an incomplete chain.

    I've gone to Comodo and downloaded their full CA bundle and installed it. I've checked the Apache config files and it is serving the CA bundle I expect, and I've checked that the CA bundle is identical to other domains on the server with certs from the same provider.

    The only difference I can find is that Qualys SSL Labs reports the chain length for a site without this problem as 3 (3788 bytes) and for the site with this problem as 1 (1318 bytes).

    What I can't figure out is - where/how is this chain length being specified?
    Did I just get a bum cert and it needs to be re-issued, or is there some other problem here?
     
  2. selfuntitled

    For anyone that finds this, I did solve this problem. There was a problem with the cert itself.

    To resolve, I started by deleting everything (keys, CSRs and certs) for this account.
    I found that some of the certs simply wouldn't delete via the UI.
    I went in by SSH as root and deleted them from:
    /home/[username]/ssh/certs/
    /etc/ssh/certs/
    /usr/share/ssl/

    Once deleted, I created a new key, and rekeyed the cert.

    That solved the problem!
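
Added example, not part of the thread: the chain length in a report like the one quoted in the first post counts the certificates the server presents in the handshake, and this shell function reads the same figures from saved `openssl s_client -showcerts` output. `HOST` is a placeholder, the `leaf-only` status is a heuristic, and both samples are constructed with dummy payloads rather than real certificates.

```shell
# Summarise the chain a server presents, from saved output of
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null
# HOST is a placeholder. Prints: <chain length> <DER bytes> <status>
chain_summary() {
  awk '
    /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    /^ +i:/        { sub(/^ +i:/, "");        iss[m++]  = $0; next }
    /-----BEGIN CERTIFICATE-----/ { pem = 1; next }
    /-----END CERTIFICATE-----/   { pem = 0; next }
    pem { gsub(/[ \t\r]/, ""); chars += length($0); pad += gsub(/=/, "=") }
    END {
      status = "linked"
      # each certificate must be issued by the next one the server sent
      for (k = 0; k + 1 < n; k++) if (iss[k] != subj[k + 1]) status = "broken-link"
      # heuristic: a lone certificate that is not self-signed means no intermediates were sent
      if (n == 1 && iss[0] != subj[0]) status = "leaf-only"
      printf "%d %d %s\n", n, chars * 3 / 4 - pad, status
    }'
}

# Constructed samples: the layout follows s_client output, the payloads are
# dummy base64 and the names are made up.
FULL_CHAIN=$(cat <<'EOF'
Certificate chain
 0 s:CN = www.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSU5URVJNRURJQVRF
-----END CERTIFICATE-----
EOF
)
LEAF_ONLY=$(printf '%s\n' "$FULL_CHAIN" | sed -n '1,6p')

printf '%s\n' "$FULL_CHAIN" | chain_summary   # 2 40 linked
printf '%s\n' "$LEAF_ONLY"  | chain_summary   # 1 16 leaf-only
```

Running it against a working and a failing domain on the same server gives a side-by-side view of what each virtual host actually sends, independent of what the config files reference.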
     