0

I'm trying to set up a Gandi SSL certificate but can't get it right from firefox point of view. I installed it on my load balancer (ELB) by converting my certificated to the pem format using the command: openssl x509 -inform PEM -in certificate.crt I tried to put my private certificate in the first box, my public one converted in pem received from gandi in the second one and the GandiStandardSSLCA2.pem file also received from Gandi in the certificate chain box. It works fine on chrome and IE but firefox gives me a "sec_error_unknown_issuer" error for some reason.

I also tried to enter the chain certificate in the same box as the public certificate but the result is the same. If you want to test by yourselves, the website url is https://10loop.com Can you help please?

koleror
  • 143
  • 1
  • 6

1 Answers1

1

It seems that you haven't properly installed the root/intermediate certificates. You should have these installed on any device that performs the SSL handshake, which in this case is probably your load balancer.

Hyppy
  • 15,608
  • 1
  • 38
  • 59
  • Thanks for your quick answer! As far as I know, Gandi only provides 1 internediate certificate, which I pasted into the aws console: http://pastebin.com/z0y3xcyU – koleror Dec 12 '14 at 16:15
  • 1
    "Gandi Standard SSL CA 2" is not being sent with the 10loop.com certificate when you connect to https://10loop.com. There may be a separate procedure for that specific load balancer to import an intermediate cert. – Hyppy Dec 12 '14 at 16:18
  • Interesting... Can you tell me how to check that myself please? That would help me a lot to fix that. Thanks – koleror Dec 12 '14 at 16:38
  • 1
    I just used a ssl checked website and everything looks fine... Here is the result: http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=10loop.com&protocol=https – koleror Dec 12 '14 at 16:49
  • @koleror I see that you installed all the intermediate certs. If the issue is solved, please accept this answer. – sebix Dec 13 '14 at 10:33
  • How can you see that? I did not change anything in my conf as I don't know what I can do... The error is still there on firefox... Any idea ? – koleror Dec 15 '14 at 10:07