ssl intermediate certificate error
HOW TO

[FIXED] The SSL certificate is not trusted in all web browsers – Chain Certificate Error

Recently, I came across this weird error while I tried Gtmetrix speed checkup on my website which was hosted on AWS EC2 instance. Installing an SSL on EC2 is not as easy as CPanel. I got a free SSL from sslforfree and installed the Certificate on AWS. I was using google chrome and the SSL was working fine but when I tried GTmetrix speed test, it threw an error saying that “An error occurred fetching the page: HTTPS error: certificate verify failed”. Upon checking my SSL certificate on sslshopper, I came to know that my SSL certificate is not valid on all the web browsers, so I wanted to fix it. The exact message that sslshopper showed was

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.

What is SSL Intermediate/Chain Certificate Error?

The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. This occurs most often for one of the following reasons:

  • The web site is using a self-signed certificate. Self-signed certificates can be generated for free but they don’t provide as much trust as a commercial certificate. You can tell your browser to trust the self-signed certificate or you can buy (or ask the site owner to buy) a trusted SSL certificate from a certificate authority.
  • The web site is using a free SSL Certificate. Free SSL Certificates are issued by a couple of free certificate authorities but their Root Certificate must be manually imported to each browser to get rid of this error.
  • The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source.

Source: SSL Shopper

How to Fix SSL Intermediate/Chain Certificate Error?

Step 1: Go to the file where your certificate is located. In AWS EC2, the path will be  /opt/bitnami/apache2/conf/. On CPanel, search for SSL/TLS on your CPanel Dashboard. ( I don’t know if this error occurs on websites hosted on CPanel, if it does, try this method to fix it)

Step 2: Now, open the CA Bundle which was provided by your SSL provider when you registered. CA bundle is also a certificate that looks like the main SSL Cerficiate. If you don’t have the CA bundle now, you need to generate a new SSL certificate and note it.

Step 3: Copy the content of CA Bundle and append it after your original certificate. For example, your main SSL certificate is

–Begin Certificate—

fat63hwe45y548yjhfhg

47436475y43tjkgkhfg44

&34hjdhfguihfguifghguh

–End Certificate–

You need to paste the CA bundle content after the –End Certificate– line.

Note: If you had lost the previous CA bundle and generate a new certificate now, first make sure the ssl certificate is updated on your server first and then append the CA bundle.

Step 4: Save the file and restart the server. Incase of AWS, restart apache using sudo /opt/bitnami/ctlscript.sh restart apache. In CPanel, I don’t think you need to reset the server.

That’s all, now check your SSL on SSl Shopper. I hope this method works. Leave a comment if it worked for you.

I don’t know much about the technical aspects of this error, the above method may not be the best one but it solved my issue and hence I thought I should share.