分类: 系统运维
2009-05-25 16:24:08
I recently worked with an install of Kerio Mail Server and I installed an SSL certificate issued by Godaddy. The install went okay, following the and Internet Explorer worked fine. My problem was with Firefox. I kept getting the error “sec_error_unknown issuer”. Obviously this error means that Firefox was not recognizing the Godddy as a valid certificate issuer. In short, you may come across this problem if the is not installed on your server as well as your SSL certificate you purchased. The Intermediate Certificate is available for free download at GoDaddy. It is a universal certificate and it is not custom made for each user. So what happens is Firefox goes to your site for your SSL certificate, it sees that it does not recognize GoDaddy, so then it asks your server who GoDaddy is and at that point your server will provide the GoDaddy Intermediate Certificate.
In the case of installing it on Kerio Mail Server, you need to download the “Go Daddy Secure Server Certificate (Intermediate Certificate)” and on Linux Systems, place the certificate in opt/kerio/mailserver/sslca. If you browse to that dirctory, you will see that Kerio Mail Server ships with the Verisign, RSA and Thawte Intermediate certificates, but not GoDaddy as well as Comodo or others.
cat gd_intermediate_bundle.crt > mysite_combined.crt
server {
listen 443;
server_name
ssl on;
ssl_certificate /your/ssl/folder/mysite_combined.crt;
ssl_certificate_key /your/ssl/folder/;
...
}
/etc/init.d/nginx reload