Page 2 of 2 First 12
  • Jump to page:
    #16
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2006
    Posts
    1
    Rep Power
    0
    Now we're getting somewhere.

    I'm running into this same problem. When I try adding a SSLCertificateChainFile directive to my httpd.conf file, however, Apache fails to load, returning the following error:

    [error] Init: (www.example.com:443) Failed to configure CA certificate chain!

    Any ideas? I triple checked to make sure the path was correct and the file valid.

    As an aside, I note that Firefox recognizes "Starfield Technologies, Inc." whereas the cert my customer received from GoDaddy is issued by "Starfield Secure Certification Authority." If I'm understanding the issue correctly, if Firefox recognized the latter, the chain certificate would be unnecessary?
  2. #17
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2006
    Posts
    1
    Rep Power
    0
    The cheapest GoDaddy cert $19 is an "Intermediate" certificate that only validates your web domain name. It does not contain the full CA chain, so you need to install the intermediate CA cert from Starfield, that your Godaddy cert was created from, onto your web server.
    If you buy the more expensive cert I dont think you need to.

    Download the Starfield Intermediate CA cert chain from
    https://certificates.starfieldtech.com/Repository.go

    and then put this in your Apache config:
    SSLCertificateChainFile=/home/whereever/sf_issuing.crt

    That worked for me...

    Comments on this post

    • B-Con agrees
  4. #18
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2006
    Posts
    1
    Rep Power
    0

    Success


    That directive did it for me, as I was having the same problem before. If you're running vhosts on Apache2, the directive goes in the individual domain's conf file.

    Originally Posted by raada
    The cheapest GoDaddy cert $19 is an "Intermediate" certificate that only validates your web domain name. It does not contain the full CA chain, so you need to install the intermediate CA cert from Starfield, that your Godaddy cert was created from, onto your web server.
    If you buy the more expensive cert I dont think you need to.

    Download the Starfield Intermediate CA cert chain from
    https://certificates.starfieldtech.com/Repository.go

    and then put this in your Apache config:
    SSLCertificateChainFile=/home/whereever/sf_issuing.crt

    That worked for me...

  6. #19
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2004
    Posts
    2
    Rep Power
    0

    i have this issue too


    Hey all,

    I'm having the same problem, and in speaking with GoDaddy they can't, of course, duplicate the issue in their Firefox browser. What I'd like to know is if any of you have figured this out, can you post what's in your httpd.conf for an example site?

    Here's an example of what one site references:

    Code:
    SSLCertificateFile /usr/share/ssl/certs/website.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/website.com.key
    SSLCACertificateFile /usr/share/ssl/certs/website.com.cabundle

    I then tried this different approach with the suggestion of Godaddy, to no avail:

    Code:
    SSLCertificateFile /usr/share/ssl/certs/website2.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/website2.com.key
    SSLCertificateChainFile /usr/share/ssl/certs/sf_issuing.crt

    Of course, this second option works for GD but not for me...and probably not for my client either. Help!
  8. #20
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2007
    Posts
    1
    Rep Power
    0
    Ok, I been paging through tons of forums looking for the answer.. eventually I went to 'certificates.godaddy.com/Repository.go' and saved all the files under "New Go Daddy Certificate Chain". I installed these and tada.. it worked. I was testing as I was going along, and it seemed to be either one of the intermediate certificates which would somehow kinda makes a bit of sense[my money is on Cross Intermediate Certificate]... I would love to hear the full explaination.. or it was the Go Daddy PKCS7 Certificate Intermediates Bundle (for Windows IIS). any ways it worked. If you have ago, let me know the exact one which worked if you can.
    I got a feeling im gonna be doing this again. So I will see if I can get the exact cert which fixes this.
  10. #21
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    1
    Rep Power
    0

    Solution to GoDaddy SSL Issue


    Hello there, I used to work at GoDaddy in Tech Support. I found out the hard way how to get rid of those errors in IE and Firefox when I put a site up for my friend using a GoDaddy SSL.

    I had to ask at work in Advanced Tech Support For Help. It turns out, you have to code every image, flash movie, and link on your site with the full path including https.

    For instance if you have an image being referenced in the images folder, normally (at least in dreamweaver) the calling link looks like this (/images/mypicture.gif)

    For that error to go away, you have to do it like this.
    haha .. im a new user so they wouldnt let me demonstrate the proper ssl link here.

    h t t p s : / / w w w . d o m a i n . c o m / the rest here

    It was kind of a pain for me and it took me a couple of hours but I finally got all of the links to all of the pages and images coded with that full path. Then all those errors went away.

    Hope that helps you some.
  12. #22
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2007
    Posts
    1
    Rep Power
    0
    I had the same issue with browsers other than IE. My web server is IIS 6. The problem was that I only installed the cert in IIS. What had to be done was the Intermidiate Certificate Bundle had to be installed on the webserver itself. This bundle is downloaded in the zip file when you download your cert.

    Installing Intermediate Certificate Bundle (gd_iis_intermediates.p7b):

    Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
    In the Management Console, select File; then "Add/Remove Snap In."
    In the Add/Remove Snap-In dialog, select Add.
    In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
    Choose Computer Account; then click Next and Finish.
    Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
    If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
    Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
    Follow the wizard prompts to complete the installation procedure.
    Click Browse to locate the certificate file (gd_iis_intermediates.p7b).
    Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next.
    Click Finish.


    Other webserver versions can find out how to install the bundle here: since I am a new user I cannot post URLs to go to godaddy and search for install certificate bundle.
  14. #23
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2009
    Posts
    1
    Rep Power
    0
    I fixed the problem for my website by downloading and installing Crt file from Starfield
    URL : https[colon][slash][slash]certs[dot]starfieldtech[dot]com[slash]Repository.go

    From this url download one of the file under "ValiCert Legacy Certificate Chain" and upload it to your server.

    I use plesk control for my website.

    Both
    Starfield Secure Server Certificate (Intermediate Certificate)
    and
    Starfield Certificate Bundles (for cPanel installation only)
    worked fine for me.
    I got the exception that CA and cert do not match but this fixed my problem.

    Good luck
  16. #24
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    222
    Rep Power
    18
    It's fun getting email updates when someone posts to this thread
  18. #25
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    Whenever you have these kinds of errors, it's related to the non or misinstallation of the intermediate certificate. Typically cheaper ssl certificates require intermediate certs. However, it doesn't lessen the trust value or ubiquity of the certificate because ultimately the root cert above the intermediate(s) is trusted by probably 99%+ of browsers worldwide. The intermediate cert only completes the trust chain from root to website certificate, thus it does not impact ubiquity.

    more info on intermediate certificates - "What is an intermediate certificate?"
Page 2 of 2 First 12
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo