Had to install an SSL certificate from Trustwave today. The cert was emailed to the customer in a zip file that contained several formats. For Plesk, the “.cer” file is the one that we needed. For the CA certificate, there was also a “chain.cer” file. Unfortunately, Plesk (Apache) was not happy and complained that the private key did not sign the certificate. This indicates a problem with intermediate certificates. Using the commands given here:
http://blogs.reliablepenguin.com/2005/02/23/view_contents_of_ssl_certificate
I looked at the certificate and found that it was signed by:
C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Organization Validation CA, Level 2/emailAddress=ca@trustwave.com
The certificate in the chain file was for:
C=US, ST=Illinois, L=Chicago, O=Trustwave Holdings, Inc., CN=Trustwave Organization Validation CA, Level 2/emailAddress=ca@trustwave.com
and it was signed by:
C=US, O=SecureTrust Corporation, CN=SecureTrust CA
but there was no certificate for this signer.
I found the Trustwave roots here:
https://ssl.trustwave.com/support/support-root-download.php
Turns out this file, named “STCA” was what we needed:
https://ssl.trustwave.com/support/certificates/stca.crt
So I appended this cert to the chain.cer file and installed it on the web server. Now it’s working correctly.
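
The subject/issuer comparison done by hand above can be scripted. The following is an added example, not part of the original post: it assumes a PEM-encoded bundle and the openssl CLI on PATH, and the function names `chain_pairs` and `missing_issuers` are illustrative.

```shell
#!/usr/bin/env bash
# Added example. Assumes a PEM-encoded bundle and the openssl CLI on PATH.
# chain_pairs and missing_issuers are illustrative names.

# Print "subject<TAB>issuer" for every certificate in a PEM bundle.
chain_pairs() (
    tmp=$(mktemp -d) || exit 1
    # Split the bundle into one file per certificate.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    ' "$1"
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || continue
        s=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        i=$(openssl x509 -in "$f" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//')
        printf '%s\t%s\n' "$s" "$i"
    done
    rm -rf "$tmp"
)

# Print each issuer that signed something in the bundle but has no
# certificate of its own there. Self-signed roots are not reported.
# This compares names only; it does not verify signatures.
missing_issuers() {
    chain_pairs "$1" | awk -F'\t' '
        { subj[$1] = 1; iss[NR] = $2; self[NR] = ($1 == $2) }
        END {
            for (k = 1; k <= NR; k++)
                if (!self[k] && !(iss[k] in subj) && !seen[iss[k]]++)
                    print iss[k]
        }'
}

# Usage: missing_issuers chain.cer
# Prints the DN of any signer without a certificate in the file;
# prints nothing once the chain is complete.
```

Run against a chain file that holds only an intermediate, it prints the DN of the signer whose certificate still has to be appended.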