Skip to main content

Verisign/Symantec "Failed to configure CA certificate chain!"

I've deployed a few SSL enabled sites in the past but have never encountered as much trouble as I did with Verisign/Symantec Secure Site SSL certificate. And the thing is it can all be blamed on a poorly formatted Download Symantec Secure Site Primary and Secondary Intermediate CA bundle page. Yes even though it does say the word 'Download' you are actually asked to copy and paste; brilliant considering that if you do so your resulting file is malformed due to additional white space on each line

I did not notice the white space until well into my second hour of frustration and pain. Apache just chokes with "Failed to configure CA certificate chain!" or "Unable to configure verify locations for client authentication" errors. For the substantial premium clients pay to use SSL Verisign certificates I must say I really expected better.

To resolve the issue either manually remove the white spaces or create the chain file by copying and pasting from the 'Get Certificate' page (format X.509) the First Intermediate Certificate: and Second Intermediate Certificate: sections - End Entity Certificate: is your SSLCertificateFile.

Hope this helps you out, feel free to follow me on twitter: @danielsokolows or google plus.

Comments

  1. furryscorpionleatherFebruary 9, 2013 at 2:52 AM

    I ran into the exact same problem and your article helped me avoid pulling hairs out! Symantec should fix this ASAP. There are clearly white spaces at the beginning of each line. This is a Symantec BUG.

    ReplyDelete
  2. UnknownMarch 13, 2014 at 12:40 PM

    You saved me too! Thank you and I am glad this was easy to find.

    ReplyDelete
  3. UnknownMarch 17, 2014 at 10:50 PM

    Thank you a lot, your article made me review my intermediate.crt file and i found the problem.
    I was missing one hyphen sign out of five, at the end of file, and it took my days. Thanks again.

    ReplyDelete
  4. UnknownJune 12, 2014 at 4:22 AM

    THANKS A LOT!!!!!!! Damned VeriSign Copy/Paste stufffffff!!!!

    ReplyDelete

Post a Comment

Popular posts from this blog

Duplicate value found: duplicates value on record with id: <unknown>.

System.DmlException: Insert failed. First exception on row 0; first error: DUPLICATE_VALUE, duplicate value found: <unknown> duplicates value on record with id: <unknown>. The above error is triggered in the database layer and caused by a trigger or workflow outside of your main code of block that is bubbling this exception. This is rather difficult to track down especially if you are unfamiliar with the code, I am sharing my procedure in the hopes this saves you time - if you find this helpful drop me a line or follow me on twitter @danielsokolows . This error is caused by unique field constraint on the object, so the first step is to examine the object and locate the API names of all unique fieds. You can do this through SF direclty 'Setup < Customize &lt <object being inserted> &lt Fields' or by downloading the `src/objects` metadata information and searching for <unique> ; I preffer the latter and actually download ALL matadata i...
3 comments
Read more

Softeher 'Error occurred. (Error code: 2)' sollution

Protocol error occurred. Error was returned from the destination server. The Softether server by default to run on port 443 , if you server also hosts normal https then 443 is already taken and so Softether can't bind to it. When you run `vpncmd` it attempts to connect, find an active port, but of course fails with 'Protocol error occurred. Error was returned from the destination server.' because it's not actually connecting to the vpn server. By default Softether also listens on 992 , 1194 , and 5555 so the sollution is to modify specify `localhost:5555` when executing the `vpncmnd`. If this has helped you feel free to comment or follow me on twitter @danielsokolows .
6 comments
Read more

GeoDjango + Spatialite (SQLite3) Setup Issues

Because there are fresh ones every time I start a new project! As of May 03 2013 I have opted to install virtualenv --system-site-packages and running aptitude-install python-pysqlite2 spatialite-bin gdal-bin ; the site are not as self contained any more but sure beats fighting with the issues. All my Django projects are self contained (as much as possible) with Virtualenv and use Spatialite database (SQLite3 +geo spatial stuff) installed so to enable GeoDjango functionality. This post is a list of issues I encounter related to that setup and how I resolved them; as I seem to run into a new one on every project start. And as always if you found this useful do +1, or follow me on twitter @danielsokolows /usr/include/spatialite.h:61: note: previous declaration of ‘spatialite_init’ was here Say what? --- this one threw me for a three hour fun time. It happened because I executed 'pip install pyspatialite' will install the 3.X vesion which is is broken and craps out with: ...
2 comments
Read more