PositiveSSL Untrusted Connection in Firefox

I recently ran into an issue with a PositiveSSL Wildcard certificate that I bought through NameCheap.com. The certificate was working correctly on all browsers except Firefox on Windows. It was giving me an untrusted certificate error.

The fix is found here. Basically, you need to install an intermediate certificate chain so that Firefox can follow the CA chain up to a trusted Certificate Authority. Many browsers already have this chained certificate info, but for some reason, Firefox on Windows doesn’t have it.

The PositiveSSL.ca-bundle can be found here.

If you are using Apache, the config will look like this:

SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/PositiveSSL.ca-bundle

Make sure you restart Apache.

/etc/init.d/apache2 restart

6 thoughts on “PositiveSSL Untrusted Connection in Firefox”

  1. Thanks, you helped me so much :) Now it’s working with firefox without a warning. Maybe this helps others: If you get *.crt files from your provider, it’s the same as *.pem files, but *.crt files can be read with windows.

  2. As for nginx I just needed to add that bundle to the end of .crt provided from issuer. Also all bundle files was provided as well yet I did not knew what to do with them since there weren’t any clear instructions. Thanks.

  3. I got the same error on trystack.org. so they need to add additional configuration then. When I open trystack with chrome no error arise

Comments are closed.