I recently purchased an SSL certificate (GeoTrust RapidSSL) for our ASG-220, running version 8.202. I had no problems generating the CSR. I now have the certificate, the intermediate certificate, and the private key. I used the openSSL pcks12 command to put the ASG certificate, the private key, and the intermediate CA certificate into a single .p12 file.
I uploaded the file to the ASG-220, and it appeared that everything was OK. The certificate appears in the list under Remote Access > Certificate Management > Certificates. The intermediate certificate appears under Remote Access > Certificate Management > Certificate Authority, where it shows up as a Verification CA. I was able to select the new certificate as the WebAdmin/User Portal certificate under Management > WebAdmin Settings > HTTPS Certificate.
The problem? Some browsers just won't accept it. Safari has no problems with it, but Firefox tells me the connection is untrusted. Under Technical Details, Firefox says "The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)"
I've tried verifying the certificate at this URL:
The results tell me that it "failed for the following reasons: The intermediate CA certificate cannot be found"
I also tried this verification URL:
which tells me "Error while checking the SSL Certificate!!
Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server."
So, except for Safari, everyone seems to be in agreement that the intermediate certificate is not installed. Except that it is! I'm looking right at it. Have I missed a step somewhere? Could this possibly be a bug in the Astaro software? How do I fix this problem?
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
