Top Nav

Trustwave Certificate Chain

Had to install an SSL certificate from Trustwave today. The cert was emailed to the customer in a zip file. that contained several formats. For plesk the “.cer” file is the one that we needed. Also for the CA certificate there was a “chain.cer” file. Unfortunately Plesk (Apache) was not happy and complained that the private key did not sign the certificate. This indicates a problem with intermediate certificates. Using the commands given here:

http://blogs.reliablepenguin.com/2005/02/23/view_contents_of_ssl_certificate

I looked at the certificate and found that it was signed by:

C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Organization Validation CA, Level 2/emailAddress=ca@trustwave.com

The certificate in the chain file was for:

C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Organization Validation CA, Level 2/emailAddress=ca@trustwave.com

and it was signed by:

C=US, O=SecureTrust Corporation, CN=SecureTrust CA

but there was not certificate for this signer.

I found the TrustWave roots here:

https://ssl.trustwave.com/support/support-root-download.php

Turns out this file, named “STCA” was what we needed:

https://ssl.trustwave.com/support/certificates/stca.crt

So I appended this cert to the chain.cer file and installed on the web server. Now it’s working correctly.

Email
Print