Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to fix StartSSL certificate chain errors

    Scheduled Pinned Locked Moved webGUI
    1 Posts 1 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LinuxTracker
      last edited by

      For Firefox users who get the The certificate is not trusted because no issuer chain was provided error, using a StartSSL certificate, here's a solution.

      Go to System -> Cert Manager -> Certificate Authority Manager
      Give a Descriptive Name (ie: StartSSL)
      Choose Import an existing Certificate Autority

      In the Certificate Data field, paste the text from StartSSL's Class 1 Intermediate Certificate Authority pem file.
      The file is located here: https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
      (I d/l it, opened it in Notepad++ and copied the contents)

      Leave the Certificate Private Key blank.
      Set your start serial number and save it.

      That's it.

      In System -> Cert Manager -> Certificate Manager you should see the cert issuer change from external to the CA Friendly name.

      Thanks to Derelict who clued me in here. -> https://forum.pfsense.org/index.php?topic=85508.0

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.