Intermediate CA Bundle

amel · August 20, 2012, 9:02pm

Hello,

just purchased and installed the SSL CA from rapidssl.com. The CA is installed from Virtualmin Admin Panel
as described below:

“Server Configuration” - “Manage SSL Certificate”

But after the CA was successfully installed I tested it again and I still receive a warning when browsing the site using https://

Than I contacted the RapidSSL support department and they told me that I need to install the
Intermediate CA Bundle and it can be done by following their link below:

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO6252&actp=AGENT_REFERAL

I have to download a file from their site and install it on our server, but can this be done trough Virtualmin or ? any great suggestions and detailed steps are really appreciated as I am very careful when manually editing the httpd.conf file…

Thank You

Best regards

Amel

Eric · August 21, 2012, 1:04am

Howdy,

If you go into Server Configuration -> Manage SSL Certificate -> CA Certificate, you can specify your Intermediate Certificate there.

-Eric

helpmin · August 21, 2012, 9:37am

I think the main problem here is that Virtualmin doesn’t support the common SSLCertificateChainFile directive (even thoughy many ssl cert providers use this in their configuration examples). It is still possible to configure the system, but you need to join files (which is not obvious to most ssl newbies).

I reported the problem quite a while ago here:

https://www.virtualmin.com/node/22492

amel · August 21, 2012, 7:29pm

Hello,

thank You both for reply, I will just check it now and will let You know…

amel · August 21, 2012, 8:05pm

just tested it and it`s working like a charm, just as Eric mentioned in his post…
I just downloaded the RapidSSL Intermidiate file, saved it as “intermediate.crt” and uploaded it via Virtualmin and tested https:// and like I said works like a charm !

Thank You Eric !

Amel

10btoffice · June 5, 2015, 2:01am

Hi Eric,

Above you noted that Server Config/Manage SSL Cert/CA Certificate allows you to upload the Intermediate Cert, but the steps are not entirely clear, as there is only ONE upload button or text field UI.
Do you first upload the Web Server Certificate using the single upload button and the follow this by next uploading the Intermediate using the same UI, and VirtualMin understands that these are different and handles them differently?

Helpmin above noted you need to “join” them, but his link is not accessible to me even though I am logged in.

I tried combining the text of both into a single block of text and pasting this in the text field.
But get differing results in Chrome. When uploading separate .cert files in sequence (rapidssl.cert, then intermediate.cert, just text files with the extension), Chrome indicates that the identity is not verified, but that the connection IS encrypted (TLS 1.2)

Pasting in the combined text, Chrome indicates that the identity is verified, but the connection is not fully encrypted.

Or do I need to combine the two files in a different file format?

OR do I need to do something separate (in addition to this) with the “Update Certificate and Key” tab under Manage SSL?

Thanks
JL

10btoffice · June 5, 2015, 2:11am

Also - I did save the pasted text for the rapidssl.crt and the new key created with the CSR into the Update Certificate and Key UI, yet Chrome still tells me that the site identity is verified (but does not have public audit records)
and the connection is encrypted but uses other resources that are not secure. Uses TLS 1.2, AES_128_GSM, ECDHE_RSA. The site is a Joomla 3.3.x website.

10btoffice · June 5, 2015, 3:42am

After a few more permutations of the above it seems to be working but still with the encryption notices. But that now seems to be unrelated to VirtualMin setup. Thanks anyway. Will proceed trying to identify what those are.

IN any case, if there is a way to access the link above that is not accessible, that would be great for reference. Cheers.