How to fix StartSSL certificate chain errors
-
For Firefox users who get the The certificate is not trusted because no issuer chain was provided error, using a StartSSL certificate, here's a solution.
Go to System -> Cert Manager -> Certificate Authority Manager
Give a Descriptive Name (ie: StartSSL)
Choose Import an existing Certificate AutorityIn the Certificate Data field, paste the text from StartSSL's Class 1 Intermediate Certificate Authority pem file.
The file is located here: https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
(I d/l it, opened it in Notepad++ and copied the contents)Leave the Certificate Private Key blank.
Set your start serial number and save it.That's it.
In System -> Cert Manager -> Certificate Manager you should see the cert issuer change from external to the CA Friendly name.
Thanks to Derelict who clued me in here. -> https://forum.pfsense.org/index.php?topic=85508.0