How is intermediate CA presented?

Discussion in 'General' started by JESUSSAVES, Oct 5, 2014.


    JESUSSAVES New Member


    I'm having a problem with my StartSSL class 2 certificate but only on the Andriod operating system - any version of the OS, everything else works fine. URL: here It give a warning "untrusted authority".

    StartSSL is really out for the weekend but the weekend person told me I need to present the intermediate CA. I don't see how that is presented by ISPConfig. It is a class 2 server certificate and you can take out unlimited number of domain certificates. I'm using 2 now.

    Is there something wrong with my setup or does everyone have this problem with a StartSSL cert?

    Installation: Wheezy 7.6, Apache2, ISPConfig

    Thank you for your help.
  2. mccharlet

    mccharlet Member HowtoForge Supporter


    I use startssl class 2 for my isp admin console and it's work with android

    This is my configuration in /etc/apache2/sites-enabled/000-ispconfig.vhost file

    # SSL Configuration
    SSLEngine On
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    SSLCertificateChainFile /usr/local/ispconfig/interface/ssl/

    I use this tutoriel

    Best regards
  3. srijan

    srijan New Member HowtoForge Supporter

  4. concept21

    concept21 Active Member

    You must copy and paste every intermediate certs, given to you by your trusted authority, into one cert file.

    JESUSSAVES New Member

    OK, all intermediate CAs into one cert file.

    May I ask you, are they simply concatenated together and presented in SSLCertificateChainFile? That would mean there is only one intermediate chain file right?

    If there is only one file then it could be presented in sites-available/default-ssl, am I right?

    Thank you for the help!
  6. concept21

    concept21 Active Member

    Yes, simply merge all the intermediate certs into a text file.

    You can use any web server's ssl cert as your global ispconfig ssl cert or set up a seperate one.

Share This Page