Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo
I am trying to create a simple certification chain:
RootCA <--> SubCA <--> Server-Certificate
RootCA: selfsigned certificate created with xca
SubCA: certificate signed with the RootCA certificate
Server-Certificate: exportet in a *.pem file and signed by the SubCA
I've exported the RootCA certificate in a *.crt file and imported it in my browser!
The Server-certificate is used by webmin (SSL Encryption).
If i try to open the webpage of webmin an dialog pops up. Firefox is not able to proof the validation of the submitted certificate.
If i import the certificate of the SubCA in firefox everything works fine!
So there must be a problem in the certificate chain.
Any hints? If you need further information, just let me know.
As long as noone knows about the SubCA, there is a missing Link.
So either you tell Firefox about it (and when you did, it worked suddenly)
or you tell your webserver to not only provide the server certificate,
but also send the SubCA certificate. This enables firfox to follow
the chain from the server cert via the SubCA cert up to the RootCA.
The apache2 option for this is "SSLCertificateChainFile"
Other webservers have similar options