How to fix StartSSL certificate chain errors



  • For Firefox users who get the The certificate is not trusted because no issuer chain was provided error, using a StartSSL certificate, here's a solution.

    Go to System -> Cert Manager -> Certificate Authority Manager
    Give a Descriptive Name (ie: StartSSL)
    Choose Import an existing Certificate Autority

    In the Certificate Data field, paste the text from StartSSL's Class 1 Intermediate Certificate Authority pem file.
    The file is located here: https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
    (I d/l it, opened it in Notepad++ and copied the contents)

    Leave the Certificate Private Key blank.
    Set your start serial number and save it.

    That's it.

    In System -> Cert Manager -> Certificate Manager you should see the cert issuer change from external to the CA Friendly name.

    Thanks to Derelict who clued me in here. -> https://forum.pfsense.org/index.php?topic=85508.0