hello rocketblr, the site isn't providing a full certificate chain that links the intermediate certificate that it uses to the root certificate trusted by the browser: https://www.ssllabs.com/ssltest/analyze.html?d=happydemics.com&hideResults=on&latest (in this case it will depend on chance/if you have visited another site which used and implemented the same intermediate certificate properly).

please report that issue to the webmasters of this particular site... http://wiki.gandi.net/en/ssl/faq#what_is_an_intermediate_ssl_certificate

Many thanks for a quick reply.

So the issue is on Gandi side? Did I get it right?

no the issue is with happydemics.com and how they are presenting their certificate - in essence that website should signal this to the browser: i'm signed by Gandi Standard SSL CA, which is in turn signed by USERTrust RSA Certification Authority, which is signed by AddTrust External CA Root, which is already trusted by the browser (a complete chain between the site's certificate and the root ca trusted by the browser)!

however the site at the moment just says: i'm signed by Gandi Standard SSL CA (which is no particular authority that firefox would trust out of the box).

But Gandi provided only their intermediate certificate. Where can we download USERTrust and AddTrust certificates and add them to combined crt? Is it possible?

they appear to provide all certs of the chain at http://wiki.gandi.net/en/ssl/intermediate (you don't need AddTrust since this is included in the browser already). if you are having trouble installing them on your server (i don't know the details about that), please contact the support of the certificate's vendor.

You can find a link to download the two certificates on this page:

• https://wiki.gandi.net/en/ssl/intermediate

Gandi Standard SSL CA 2:

• http://crt.gandi.net/GandiStandardSSLCA2.crt
• http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt