Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

site SSL works on Chrome, Safari, and FF for Linux and OS-X, but not FF for Windows 7 (or any Android browser)

  • 2 ŋuɖoɖowo
  • 1 masɔmasɔ sia le esi
  • 18 views
  • Nuɖoɖo mlɔetɔ chrysostom

more options

I am setting up a website with SSL: https://coalitionportelgin.ca The SSL connection works (and intermediate certificates are retrieved) in Chrome on Linux, OS-X, and Windows 7; ChromeOS; Firefox (18.0) on OS-X and Linux; and Safari on OS-X, iOS, and Windows.

However, I am still getting connection errors on Firefox 18.0 on Windows 7 and on all Android browsers, with "This Connection is Untrusted...because no issuer chain was provided."

This diagnostic tool shows the certificate chain is being pulled, but still reports "Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found."

http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=coalitionportelgin.ca&protocol=https

Intermediate certificate is installed:

$ ls /etc/ssl/certs |grep GandiStandardSSLCA.pem GandiStandardSSLCA.pem

And it is being pointed to:

$ grep -i -r "SSLCertificateChainFile" /etc/apache2/ /etc/apache2/sites-available/000-coalitionportelgin.ca-ssl: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem /etc/apache2/sites-enabled/000-coalitionportelgin.ca-ssl: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem /etc/apache2/httpd.conf: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem

For good measure, the intermediate and root certificates have also been appended to the server certificate.

I have followed all steps indicated by the cert provider, as well as other sources, and have spent hours troubleshooting this. I don't see anything more to be done. Is this a problem of server configuration (and if so, what?) or is this a problem that I can't do anything about?

I am setting up a website with SSL: https://coalitionportelgin.ca The SSL connection works (and intermediate certificates are retrieved) in Chrome on Linux, OS-X, and Windows 7; ChromeOS; Firefox (18.0) on OS-X and Linux; and Safari on OS-X, iOS, and Windows. However, I am still getting connection errors on Firefox 18.0 on Windows 7 and on all Android browsers, with "This Connection is Untrusted...because no issuer chain was provided." This diagnostic tool shows the certificate chain is being pulled, but still reports "Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found." http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=coalitionportelgin.ca&protocol=https Intermediate certificate is installed: $ ls /etc/ssl/certs |grep GandiStandardSSLCA.pem GandiStandardSSLCA.pem And it is being pointed to: $ grep -i -r "SSLCertificateChainFile" /etc/apache2/ /etc/apache2/sites-available/000-coalitionportelgin.ca-ssl: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem /etc/apache2/sites-enabled/000-coalitionportelgin.ca-ssl: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem /etc/apache2/httpd.conf: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem For good measure, the intermediate and root certificates have also been appended to the server certificate. I have followed all steps indicated by the cert provider, as well as other sources, and have spent hours troubleshooting this. I don't see anything more to be done. Is this a problem of server configuration (and if so, what?) or is this a problem that I can't do anything about?

All Replies (2)

more options

Try to ask advice about web development at the MozillaZine "Web Development/Standards Evangelism" forum.

The helpers at that forum are more knowledgeable about web development issues.
You need to register at the MozillaZine forum site in order to post at that forum.

more options

Thanks I'll try that. I neglected to mention that the cert also works fine with IE. This is a weird problem.