Reputation: 347
I have the following default-ssl.conf configuration:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
SSLCACertificatePath /etc/apache2/ssl/
SSLCACertificateFile /etc/apache2/ssl/sub.class1.client.ca.pem
And everything appears fine on Firefox, IE and Chrome, but on mobile, Chrome complains of NET::ERR_CERT_AUTHORITY_INVALID. I've checked on Qualys SSL Labs and I get a grade B ('This server's certificate chain is incomplete. Grade capped to B') with the following errors:
Additional Certificates (if supplied):
Chain issues: Incomplete
Certification Paths
Path #1: Trusted
  Extra download: StartCom Class 1 Primary Intermediate Server CA
Path #2: Trusted
  Extra download: StartCom Class 1 Primary Intermediate Server CA
I'm not really getting what's up, given Chrome is fine on the desktop. Any help?
Using StartSSL
Upvotes: 0
Views: 2985
Reputation: 123561
You are missing chain certificates. On desktop, Chrome and IE will fill these in (download from the web); Firefox might have these cached from other connections which share the same intermediate certificates. But Chrome on mobile will fail if these certificates are missing.
Upvotes: 3
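The failure the answer describes can be reproduced offline with a throwaway PKI. This is an added example, not part of the question or the answer; it assumes the `openssl` command-line tool is installed, and the CA names and `www.example.test` are constructed. `-untrusted` stands in for the certificates a server sends in the TLS handshake, and the verifying side here neither downloads nor caches intermediates.

```shell
#!/bin/sh
# Added example: throwaway PKI with constructed names, not StartCom's certificates.
verify_ok() {  # succeeds only if "openssl verify" reports OK for leaf.pem
  openssl verify "$@" leaf.pem 2>&1 | grep -q ': OK$'
}
chain_demo() {
  d=$(mktemp -d) || return 2
  result=$(
    cd "$d" || exit 2
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    {
      # Root CA: the only certificate in the client's trust store.
      openssl req -config pki.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout root.key -out root.pem -subj "/CN=Example Root CA" -days 2 &&
      # Intermediate CA, signed by the root.
      openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
        -keyout int.key -out int.csr -subj "/CN=Example Intermediate CA" &&
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 2 \
        -extfile pki.cnf -extensions v3_ca -out int.pem -days 2 &&
      # Server (leaf) certificate, signed by the intermediate.
      openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
        -keyout leaf.key -out leaf.csr -subj "/CN=www.example.test" &&
      openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -set_serial 3 \
        -out leaf.pem -days 2
    } >/dev/null 2>&1 || exit 2
    # Server sends only the leaf: no path to the root can be built.
    if verify_ok -CAfile root.pem; then a=OK; else a=FAIL; fi
    # Server sends leaf + intermediate: the path builds.
    if verify_ok -CAfile root.pem -untrusted int.pem; then b=OK; else b=FAIL; fi
    echo "leaf-only=$a with-intermediate=$b"
  )
  rc=$?
  rm -rf "$d"
  [ "$rc" -eq 0 ] && echo "$result"
}
chain_demo
```

Against a live server, `openssl s_client -connect host:443 -showcerts` (with `host` as a placeholder) lists the certificates the server actually sends, which shows whether the intermediate is included.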