Skip to main content

Mozilla Firefox: "This connection is untrusted." + SSL Certificate + Cpanel

When you browse to a secure website using Mozilla Firefox, you may encounter the message: "This connection is untrusted."  Google Chrome and Microsoft Internet Explorer may not display a warning.  They may in fact display icons and related information stating the channel is secure.  You may observe that other computers using Firefox do not display the message: "This connection is untrusted."

There are numerous reasons for encountering the message: "This connection is untrusted."  An example of this would be an expired SSL Server Certificate.  However, you may find the issue is due to missing Intermediate Certificates in the SSL Chain.  The missing Intermediate Certificates may be the RSA Domain Validation Secure Server Certificate and the RSA Certification Authority Certificate.  On Windows computers, Google Chrome and Microsoft Internet Explorer use the Trusted Root Certification Authorities Store on the client computer to obtain the Intermediate Certificates in the SSL Chain.  Firefox uses the Mozilla CA Certificate Store and retrieves the Intermediate Certificates from the Internet when it has not been previously cached.  When cached from other websites, the Intermediate Certificates are present and the message "This connection is untrusted" is not displayed.

To install an SSL Server Certificate, you normally select your SSL Server Certificate in Cpanel and then click Install Certificate.  Upon installing your SSL Server Certificate, Cpanel then normally fetches the Intermediate Certificates from a public repository.  The SSL Channel is then activated and everything appears to be normal.  If you are using Cpanel, you may find the SSL Channel is active but the Intermediate Certificates have not been installed.  To resolve this issue, please perform the following steps:

Re-Keying SSL Server Certificate in Cpanel
  1. Email your Certificate Authority and obtain their current CA-Bundle.

  2. Make a manual backup of all SSL Certificate Information in your Cpanel SSL/TLS Manager.

  3. After completing a manual backup of all SSL Certificate information (not outlined here), browse to your Cpanel SSL/TLS Manager.

  4. Click Certificates and delete the existing SSL Server Certificate. 

  5. After certificate deletion, click the Return To SSL Manager button.

  6. Click Activate SSL on Your Web Site (HTTPS) and then click Uninstall next to the SSL Server Certificate you wish to uninstall.

  7. After uninstallation, click your Browser Back Button.

  8. Click Certificates and browse to your CRT file and then click Upload Certificate.

  9. After upload, click the Return To SSL Manager button.

  10. Click Activate SSL on Your Web Site (HTTPS) and then click Browse Certificates.  Then click Use Certificate.

  11. The Certificate (CRT) field and the Private Key (KEY) fields are then auto-filled.  In the last field labeled Certificate Authority Bundle (CABUNDLE) Optional, paste the CA-Bundle text.

  12. Click Install Certificate.
This issue has been resolved.

To confirm this, I recommend the following online tools:

https://www.geocerts.com/ssl_checker

https://www.ssllabs.com/ssltest/analyze.html

https://sslanalyzer.comodoca.com/ 

https://www.sslshopper.com/ssl-checker.html

Labels:

Comments

Post a Comment

Popular posts from this blog

Access Denied (policy_denied). Your system policy has denied access to the requested URL. For assistance, contact your network support team.

While browsing the internet, you may encounter the message: "Access Denied (policy_denied).  Your system policy has denied access to the requested URL.  For assistance, contact your network support team."   This message indicates the internet traffic is being filtered.  The most common source of an internet traffic filter is in corporate environments that use a proxy server or a firewall appliance designed to filter web traffic.  Some businesses are configured as satellite locations using a VPN tunnel.  In these configurations, the VPN may be configured to filter internet traffic.  In rare instances, the Internet Service Provider is filtering internet traffic.  Typically though, your IT Department or a Network Management Team has configured your internet traffic to be filtered.  Isolating Source of Web Filtering In an environment that is unmanaged and the source of the filtering is unknown, following are some steps you may wish to peform: Th...
3 comments
Read more

Event ID: 7001 - Source: VSS - Unable to create a shadow copy

When using Microsoft Windows Server, you may encounter the error message: "Unable to create a shadow copy."  In the Event Viewer, you may find the following Event: "Event ID: 7001 - Source: VSS - Unable to create a shadow copy."  This event involves the Volume Shadow Copy Service (VSS).  Most likely the Server was rebooted while creating a Shadow Copy.  Many websites describe deleting or renaming the C:\WINDOWS\SYSTEM32\WBEM directory used by Windows Management Instrumentation to resolve this issue.  This is not correct.  Following are the steps to resolve this issue: Double-click My Computer. Right-mouse click the Hard Drive causing the problem. Click the Shadow Copies tab. Select the appropriate Volume. Click Disable. Click OK. Click Start - Control Panel - Administrative Tools - Scheduled Tasks. Delete all tasks related to the Volume Shadow Copy Service. Reboot the Server. Double-click My Computer. Right-mouse click the Hard Drive causing the problem. Cl...
Post a Comment
Read more

How do you stop an unstoppable Windows Service?

You may encounter a Windows Service in Services that has the buttons for Start, Stop, Pause and Resume greyed out.  If you attempt to stop the Service using sc stop [servicename], you encounter the error message: "The requested control is not valid for this service."  To resolve this issue, please perform the following steps: Click Start - Control Panel - Administrative Tools - Services. Double-click the relevant Service. Change the Service Start-Up Type to Disabled. Click Apply. Click OK. Hit CTRL-ALT-DEL on your keyboard. Select Task Manger. Perform an End Task on the relevant Service. This issue has been resolved. http://www.smartnetadmin.com
Post a Comment
Read more