搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

SSL certificate doesn't work in FF only. It says "The certificate is not trusted because no issuer chain was provided."

  • 6 回覆
  • 7 有這個問題
  • 1 次檢視
  • 最近回覆由 cor-el

more options

It is suggested here (https://support.mozilla.org/en-US/questions/1021610) to check the website on networking4all.com I performed the check and the results are pretty fine. See below: http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=happydemics.com&protocol=https

But Firefox still says it is untrusted. What's wrong with the certificate?

It is suggested here (https://support.mozilla.org/en-US/questions/1021610) to check the website on networking4all.com I performed the check and the results are pretty fine. See below: http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=happydemics.com&protocol=https But Firefox still says it is untrusted. What's wrong with the certificate?

被選擇的解決方法

所有回覆 (6)

more options

hello rocketblr, the site isn't providing a full certificate chain that links the intermediate certificate that it uses to the root certificate trusted by the browser: https://www.ssllabs.com/ssltest/analyze.html?d=happydemics.com&hideResults=on&latest (in this case it will depend on chance/if you have visited another site which used and implemented the same intermediate certificate properly).

please report that issue to the webmasters of this particular site... http://wiki.gandi.net/en/ssl/faq#what_is_an_intermediate_ssl_certificate

more options

Many thanks for a quick reply.

So the issue is on Gandi side? Did I get it right?

more options

no the issue is with happydemics.com and how they are presenting their certificate - in essence that website should signal this to the browser: i'm signed by Gandi Standard SSL CA, which is in turn signed by USERTrust RSA Certification Authority, which is signed by AddTrust External CA Root, which is already trusted by the browser (a complete chain between the site's certificate and the root ca trusted by the browser)!

however the site at the moment just says: i'm signed by Gandi Standard SSL CA (which is no particular authority that firefox would trust out of the box).

more options

But Gandi provided only their intermediate certificate. Where can we download USERTrust and AddTrust certificates and add them to combined crt? Is it possible?

more options

they appear to provide all certs of the chain at http://wiki.gandi.net/en/ssl/intermediate (you don't need AddTrust since this is included in the browser already). if you are having trouble installing them on your server (i don't know the details about that), please contact the support of the certificate's vendor.

more options

選擇的解決方法

You can find a link to download the two certificates on this page:

Gandi Standard SSL CA 2: