On 11/03/2014 01:26 PM, Per Jessen wrote:
I am trying to access
https://webmail.hostsuisse.com/
and with the lastest Firefox, I get:
webmail.hostsuisse.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)
However, the issuer is SwissSign, the CA is:
SwissSign Server Silver CA 2008 - G2
This is installed per default (according to Edit->Preferences->Advanced->Certificates).
Can anyone explain this?
Look here: openssl s_client -connect webmail.hostsuisse.com:443 -showcerts ... Certificate chain 0 s:/OU=Domain Validated Only/CN=webmail.hostsuisse.com i:/C=CH/O=SwissSign AG/CN=SwissSign Server Silver CA 2008 - G2 This is your server certificate. It is issued by "SwissSign Server Silver CA 2008 - G2" .... 1 s:/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 i:/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 This is the root-CA certificate. The webserver does not deliver the intermediate certificate. Its name should be: "SwissSign Server Silver CA 2008 - G2" and i guess it should be issued by: "SwissSign Silver CA - G2" Get it here, and add it to the chain of your apache - don't add it to your browser: https://swisssign.net/cgi-bin/authority/download