Reputation:
We recently renewed our certs for our vhost domains:
genietvanhetleven.org
newportandbeyond.org
privustech.com
truthcourage.org
Chromium reports NET::ERR_CERT_AUTHORITY_INVALID
Firefox reports SEC_ERROR_REVOKED_CERTIFICATE
The sites open just fine in Konqueror.
I cleared the cache in Chromium and Firefox and shut down for the night. After a restart they all are now working under http but https is struck out.
We have used Qualys:
Qualys shows
For privustech.com:
Certificate #2 No SNI
Common names genietvanhetleven.org MISMATCH
Trusted No NOT TRUSTED
Path #2: Not trusted (invalid certificate:
Where is this second cert coming from????
This and all the others get an "A" rating without any other errors.
=====
This may be due to CA cert issues. However, we have:
• Checked the CA certs, they are valid
• Checked file encoding, they are valid (us-ascii)
• Redownloaded and installed the site and intermediate chain certificates.
We have checked the key-cert pairs, they are valid:
# openssl x509 -in <vhost>_start.crt -text -noout
We have checked the chains, they are valid:
# openssl verify -verbose -CAfile <vhost>_start_chain.crt <vhost>_start.crt
<vhost>_start.crt: OK
We have checked the validity dates, they are valid.
# openssl x509 -startdate -enddate -noout -in <vhost>_start.crt
notBefore=Jan 28 21:17:02 2017 GMT
notAfter=Jan 28 21:17:02 2020 GMT
We have checked configuration files, they are valid:
All have the same
ServerName privustech.com:993
ServerAdmin [email protected]
SSLCACertificatePath /etc/ssl/certs
SSLCACertificateFile /etc/ssl/certs/StartCom_Certification_Authority.pem
We have checked error logs:
X509_check_private_key:key values mismatch
But they do match.
So quite a mess. It was working fine until the OLD certs expired, but we have installed the NEW certs, intermediate and CA certs and cleared the cache, so why is it addressing the old certs???
Upvotes: 2
Views: 1374
Reputation: 123471
These are sites which use StartCom certificates. Because of cheating attempts StartCom is no longer trusted by major browsers, at least Chrome and Firefox. For more details see
Upvotes: 1
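A per-vhost check for the two conditions this thread turns on, as an added example that is not part of either post: whether the private key really belongs to the certificate (the condition behind the logged "X509_check_private_key:key values mismatch"), and whether the certificate was issued by StartCom. The function names, the file paths and the `make_sample` helper are assumptions made for this example; `make_sample` only builds constructed, throwaway self-signed pairs to exercise the checks.

```shell
#!/bin/sh
# Added example (not from the original posts). Checks, per vhost:
#   1. the private key carries the same public key as the certificate, and
#   2. whether the certificate's issuer name mentions StartCom.

# Public key embedded in a certificate, as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a private key, as PEM (assumes an unencrypted key).
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# 0 if cert $1 and key $2 carry the same public key, non-zero otherwise.
# Unreadable or missing files count as a failure, never as a match.
pair_matches() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the issuer name of cert $1 mentions StartCom.
issued_by_startcom() {
    openssl x509 -in "$1" -noout -issuer 2>/dev/null | grep -qi 'startcom'
}

# Print a short report for one vhost; non-zero if anything needs attention.
check_vhost() {
    rc=0
    if pair_matches "$1" "$2"; then echo "OK    $2 matches $1"
    else echo "FAIL  $2 does not match $1"; rc=1; fi
    if issued_by_startcom "$1"; then
        echo "WARN  $1 was issued by StartCom"; rc=1
    fi
    return "$rc"
}

# Constructed sample: throwaway self-signed pair $3.key/$3.crt in directory $1,
# with organization name $2 chosen only to exercise the issuer check.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=$2/CN=example.test" \
        -keyout "$1/$3.key" -out "$1/$3.crt" 2>/dev/null
}

# Usage: sh check_vhost.sh <vhost>_start.crt <vhost>.key  (paths are assumptions)
if [ "$#" -eq 2 ]; then check_vhost "$1" "$2"; fi
```

Run it against the exact certificate and key files that the running vhost configuration points at, since a match on files the server does not load says nothing about what it serves.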