SSL certificate is not trusted in all web browsers

onelouderimage · 2016-09-25 14:42:33 UTC

Hello!

For example, Firefox users have problem to visit my HTTPS-sites.

The “SSL-Checker” (https://www.sslshopper.com/ssl-checker.html) reports:

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GeoTrust’s Certificate Installation Instructions for your server platform (use these instructions for RapidSSL). Pay attention to the parts about Intermediate certificates.
One of the certificates is signed with a SHA1 signature. We recommend that you reissue or replace this certificate with one that uses a SHA-2 signature. Contact your SSL provider about how to do this. Read more about the SHA-1 deprecation here.

So how can I or Dreamhost fix it?
THANKS!

smaffulli · 2016-09-26 03:50:32 UTC

the answer is ‘it depends’ Where did you get the certificate? where is it installed? Which domains have issues? Without more details we can’t give you any meaningful answer.

onelouderimage · 2016-09-26 10:27:10 UTC

A typical “DH answer”. Ok…

It’s a RapidSSL certificate
Installed under -> Dreamhost Web Panel -> Secure Hosting -> Manage SSL certificates
Domain name via E-Mail!

Thank you!

smaffulli · 2016-09-26 17:09:21 UTC

Not sure why you’re not disclosing your domain… without it, I (nor anybody else on these forums) can’t give a look at the certificate and give you a more thorough answer. Is the domain private?

If you google “rapidssl certificate not accepted by firefox” you’ll find some suggestions on how to further debug the issue. For example, https://support.mozilla.org/en-US/questions/1035276 http://serverfault.com/questions/734932/ca-certificate-not-trusted-by-firefox

PS Remember that on these forums there are lots of volunteers, including DreamHost employees whose job is not to answer questions on forums. Answers here are not DreamHost official answer unless explicitly marked as such. And it’s not “typical” answer either: in order to give meaningful answers, people need to know as many details as possible. Despite its bad title, this document is still a good read http://www.catb.org/esr/faqs/smart-questions.html

onelouderimage · 2016-09-28 14:47:11 UTC

Look into your mailbox! I had send you the domain names, some days ago!

smaffulli · 2016-09-28 15:58:38 UTC

I can’t find anything related to this in my inbox, checked spam too. Again, I have to ask: why are these secret? Aren’t the domains public already?

onelouderimage · 2016-09-29 11:04:59 UTC

I send the mail again!
[hr]
I don’t want to name the domains here!
Again, I have to ask: what’s YOUR problem?

smaffulli · 2016-09-29 17:19:32 UTC

Got the email now, twice at the same time … the messaging system maybe took a nap Thank you.

I checked your sites (which, again, seem to be public and indexed by google: I don’t understand why you keep them secret on this public request for help)

Anyway I see no issues there. My Firefox does not complain about one of the two and the other one seems to load one item (a png file) from http instead of https, therefore Firefox correctly throws a warning that parts of the page are not secure.

Other checks you can run:
https://www.whynopadlock.com/check.php
https://www.sslshopper.com/ssl-checker.html

I also run https://www.sslchecker.com/sslchecker and I see no issues there either…

Since you’re so secret about your public domains, I can’t help you further. Open a ticket with DreamHost customer support and provide screenshots and all information necessary to understand and replicate the issue.