You may need to install an Intermediate/chain certificate to link it to a trusted root certificate

Discussion in 'ISPConfig 3 Priority Support' started by JohnnyBeGood, Oct 26, 2017.

  1. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Hi,

    I bought Comodo Positive SSL Wildcard and they assuered me I can use on any subdomain regardless of the IP.
    So in ISPconfig I've enabled SSL created SSL and send SSL Request to them and in the email I got two files STAR_mydomain_us.ca-bundle and
    STAR_mydomain_us.crt and populated them into SSL Certificate and SSL Bundle fields. Now when I check it using https://www.sslshopper.com/ssl-checker.html for:
    Website hosted on server1 with ISPconfig 3, all o.k. https://prnt.sc/h2rgb0
    ESXi hosted on server2 but SSL does not appear to be valid https://prnt.sc/h2g59c
    I've read ISPconfig manual pg. 136 and I did everything as instructed. What am I doing wrong?
     
    Last edited: Oct 27, 2017
  2. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Additional info. Even after I delete SSL esxi.mydomain.us still shows up there?
     

    Attached Files:

    • ssl.jpg
      ssl.jpg
      File size:
      61.5 KB
      Views:
      2
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you get a warning in the brwoser when you brows the esxi... domain? It can be that it's just an issue ain the ssl checker.

    That's ok. It will show up there as long as the domain exists in ISPConfig.
     
  4. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    No, I did not get any warnings just when I tested on various SSL checker websites they all point to the same problem.
    Since it was test domain with simple Wordpress website I deleted it and created new one with SSL enabled but no luck in solving "You may need to install an Intermediate/chain certificate to link it to a trusted root certificate"
     
  5. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    I solved this issue and wanted to post the solution.
    It was quite simple. Once I got STAR_mydomain_us.ca-bundle and
    STAR_mydomain_us.crt in the email from Comodo I opened new text file and enter content from STAR_mydomain_us.crt 1st and just bellow that added content from STAR_mydomain_us.ca-bundle and copied that content in /etc/vmware/ssl/rui.crt inside /etc/vmware/ssl/rui.key I had my private key from OpenSSL (star_mydomain_us.key) and did services.sh restart on my ESXi server.
    https://prnt.sc/h3qdyi
    Everywhere else online I also get:
    "Certificate Chain Complete
    All of the correct Intermediate CA Certificates are installed. Your SSL certificate is installed correctly and should be supported in all the major web browsers without problems."
     

Share This Page