Saturday, December 15, 2012

Verisign/Symantec "Failed to configure CA certificate chain!"

I've deployed a few SSL enabled sites in the past but have never encountered as much trouble as I did with Verisign/Symantec Secure Site SSL certificate. And the thing is it can all be blamed on a poorly formatted Download Symantec Secure Site Primary and Secondary Intermediate CA bundle page. Yes even though it does say the word 'Download' you are actually asked to copy and paste; brilliant considering that if you do so your resulting file is malformed due to additional white space on each line

I did not notice the white space until well into my second hour of frustration and pain. Apache just chokes with "Failed to configure CA certificate chain!" or "Unable to configure verify locations for client authentication" errors. For the substantial premium clients pay to use SSL Verisign certificates I must say I really expected better.

To resolve the issue either manually remove the white spaces or create the chain file by copying and pasting from the 'Get Certificate' page (format X.509) the First Intermediate Certificate: and Second Intermediate Certificate: sections - End Entity Certificate: is your SSLCertificateFile.

Hope this helps you out, feel free to follow me on twitter: @danielsokolows or google plus.

5 comments:

  1. I ran into the exact same problem and your article helped me avoid pulling hairs out! Symantec should fix this ASAP. There are clearly white spaces at the beginning of each line. This is a Symantec BUG.

    ReplyDelete
  2. You saved me too! Thank you and I am glad this was easy to find.

    ReplyDelete
  3. Thank you a lot, your article made me review my intermediate.crt file and i found the problem.
    I was missing one hyphen sign out of five, at the end of file, and it took my days. Thanks again.

    ReplyDelete
  4. THANKS A LOT!!!!!!! Damned VeriSign Copy/Paste stufffffff!!!!

    ReplyDelete