PositiveSSL Untrusted Connection in Firefox

I recently ran into an issue with a PositiveSSL Wildcard certificate that I bought through NameCheap.com. The certificate was working correctly on all browsers except Firefox on Windows. It was giving me an untrusted certificate error.

The fix is found here. Basically, you need to install an intermediate certificate chain so that Firefox can follow the CA chain up to a trusted Certificate Authority. Many browsers already have this chained certificate info, but for some reason, Firefox on Windows doesn’t have it.

The PositiveSSL.ca-bundle can be found here.

If you are using Apache, the config will look like this:

SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/PositiveSSL.ca-bundle

Make sure you restart Apache.

/etc/init.d/apache2 restart