4

I am using zerossl.com website to generate an SSL certificate for my website developer.norght.com

I successfully downloaded and installed a certificate from the zerossl.com website as per their documentation. And I am able to access https://developer.norght.com securely on my devices.

My Hosting Account's SSL tab which also indicates that certificate installed successfully as below: enter image description here

Now my problem is: When I check my SSL certificate using different platforms, they are showing me this error that my certificate is not trusted on all browsers!

SSL Hopper reference: enter image description here

SSL Labs reference: enter image description here

I tried to troubleshoot the issue using this article https://zerossl.com/help/troubleshoot/missing-intermediate-certificate/ provided by zerossl.com but found no luck. I even try to re-install certificate, private-key, ca-bundle file but still getting the same error.

So, I search for a further tool that can help me to solve the issue on https://whatsmychaincert.com/?developer.norght.com this website. They are providing me the chain which I should use as ca-bundle, I tried that too!

I tried every solution I found around but none of them is able to solve my problem.

Anyone here if helps me with this issue it would be much-appreciated pals.

Kaushik
  • 79
  • 1
  • 8
  • While you describe that you have tried to properly install the intermediate certificates it is not clear from your description how you exactly tried it. One can only say based on this that you likely made mistakes when trying but due to lack of information cannot say which mistakes you've made. *"I tried every solution I found around"* - this says only that you've tried something but not what exactly. It thus does not add any information which might be useful to help you. – Steffen Ullrich Jul 01 '20 at 19:42
  • What additional things I perform is mentioned in https://whatsmychaincert.com/?developer.norght.com here. What they are suggesting, I use that chain certificate and install it while using SSL certificate. – Kaushik Jul 03 '20 at 10:48

2 Answers2

6

I'm aware that this question was asked about 6 months ago. So, in case you're still searching for the solution, you might wanna try the following:

  • Copy the ca-bundle content (cert) and paste it after your domain cert in the Certificate (CRT) field.

Yes, this means that there are 2 certs in your CRT field (domain and ca-bundle) as example below:

Certificate (CRT)

-----BEGIN CERTIFICATE-----

(domain cert)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(ca-bundle cert)

-----END CERTIFICATE-----

If this works, it's just how the cert is installed at your hosting provider.

zhulien
  • 5,145
  • 3
  • 22
  • 36
Rashad
  • 61
  • 1
  • 2
1

The root cause is that the root certificate for certificates issued by zerossl.com is not included in well-known web browsers (such as Chrome and Firefox) by default as a "trusted root certificate". Therefore, you have to install the root certificate manually. This means that you have to ask everyone who wants to access developer.norght.com to install the root certificate into their web browsers manually.

If you want to enable people to access developer.norght.com without installing the root certificate manually, you have to use other certificate issuer (not zerossl.com) that can issue certificates whose root certificate is installed in well-known web browsers by default.

As the diagram below from "Illustrated X.509 Certificate" tells, the origin (i.e. root certificate) of a certificate chain must be installed in advance.

certificate chain

Takahiko Kawasaki
  • 18,118
  • 9
  • 62
  • 105