I just had to set up an SSL certificate for a client site and encountered really poor documentation trying to get it up and running. Whether the documentation was just presuming some other prior knowledge that I didn’t have I’m not sure, but I thought I’d document what I did to resolve it. If nothing else I can come back to this myself in future to remind myself but perhaps it will be of use to someone else.
Server configuration & SSL Certificate:
My server is a VPS running Plesk 9.5.4, the SSL certificate I was installing in this case was a GeoTrust QuickSSL Premium certificate. I don’t think there will be too much difference with other certificate providers, however the installation process in Plesk is quite specific so these instructions won’t necessarily be that helpful if you’re not using Plesk.
Instructions
The instructions provided for installing the certificate can be found in a PDF document linked here, simplified they basically say this:
- Go to your domain.
- Under ‘Additional Tools’, click ‘SSL Certificates’, add a certificate entry.
- Edit the certificate entry you just made, browse to the supplied certificate file in the ‘Certificate’ file field.
- Go to ‘Web Hosting Settings’ for your domain, select the certificate from the drop down, enable SSL support on the domain, click OK.
So, following those steps should get you up and running with SSL on your domain. However, one small difference for me was that the supplied SSL Certificate didn’t come as a text file, it was simply in the contents of an email so I had to carefully copy and paste this into a text field on the certificate page instead. Not a huge deal, but given that you have to be careful to paste all of it in it’s odd that it’s not mentioned in these instructions.
Not so fast…
Following the instructions before seemed to work at first, I tested it in various browsers and the certificate seemed to be accepted fine. Except in Firefox on Mac when I tried to access a secure page it showed me the following message:
The certificate is not trusted because no issuer chain was provided.
[Error code: sec_error_unknown_issuer]
A bit of Google searching came up with some answers, it seems that Firefox (on Mac at least) objects to there being no Trusted Root and Intermediate CA certificates. Who knew??!!! Certainly not me as there was no mention of this in any of the instructions provided!
Installing Trusted Root and Intermediate CA Certificates
GeoTrust have a page with installation instructions on how to install an SSL certificate on Plesk, funnily enough they state that you require the Trusted Root and Intermediate CA certificates (Why wasn’t this included in the previous PDF instructions? Who knows…). Here’s the link to this page (I know it refers to Plesk 9.2 but it worked fine for me on Plesk 9.5.4):
GeoTrust Support: Install certificate on Plesk 9.2
Follow the instructions on that page and you’ll be able to get your SSL certificate up and running. It’s important to make sure you download the right version of Trusted Root and Intermediate CA for the type of SSL Certificate you’ve installed, so double-check which one you’re getting.
The only issue I encountered following those instructions was that when I submitted all the files to add the certificates that it showed the following warning in Plesk:
Warning: the CA certificate does not sign the certificate.
However, I found that if you go out of the certificate editing view in Plesk and go back in that the error was no longer shown. I went and tested the page in Firefox and it was now working correctly so I’m just going to ignore that error as it seems to only be a temporary issue.
I hope this helps someone out, it took me way, way longer than anticipated to get this all set up, but hopefully it’ll be easier next time around :)
In my version of Plesk, 11, after I added the cert and CA it wouldn't work until I went to websites and domains, chose my domain and checked the box "enable SSL support" I saved, then it worked without warning. :)
@Aria: Other than what I’ve written here I don’t think I’ve got anything else I can suggest I’m afraid!
Hey dude still im getting this error for many hours now.
@Mark: Glad you got it working, it’s all a bit poorly documented so I’m glad this post helped!
Thanks for this excellent article. I had managed to negotiate the CA Certificate, and bogus error message but got stuck on enabling the new SSL certificate via Web Hosting Settings. Come on Plesk and web hosts sort your literature out!