I used the CSR from mail-in-a-box admin to get a Gandi.net standard SSL cert. Upon installing the SSL cert in the Mail-in-a-boc admin, I receive the following error:
“The certificate is missing an intermediate chain or the intermediate
chain is incorrect or incomplete. (/tmp/tmpdpjeakv6.pem: OU = Domain
Control Validated, OU = Gandi Standard SSL, CN = box.mydomain.net
error 20 at 0 depth lookup:unable to get local issuer certificate)”
I have also attemtped to add the intermediate cert in the admin UI, but get the same error. Please advise.
I successfully created and used an SSL cert from StartSSL.
Gandi.net was too much of a pain to deal with for now. I am primarily testing Mail-in-a-box for being a one-click, idiot-proof email server solution.
So far, so good when you get the right combination of things sorted out, and you use the recommendations given on the admin pages.
Have to use UserTrust pem; problem solved.
Yea, so that’s still not helpful. I’ve read that page up and down. Left and right. Bollocks. I moved on to a StartSSL cert. It just works.
For anyone who has had issues setting up the Gandi SSL certificates, this worked for me:
Input into the
SSL intermediate chain (if provided):
This certificate on top.
This certificate below:
The one after
You may download the certificate in DER format at the following address: http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt or recover it from the PEM format below:on this page.
For clarity; you want the PEM format.
I had the same problem with a StartSSL certificate. I downloaded the intermediate certificate from here
I use the StartSSL wildcard certs and they seem to work great with MiaB. I liked the setup so much I decided to upgrade to the personal validation.
In regards to StartSSL to, I did not use the CSR provided by MiaB so I could make a stronger certificate than the CSR requested. This did however require me to manually go and replace the private certificate on the server. No big deal, just something to keep in mind. I did not like how Chrome was complaining about it being a weak certificate when I used the MiaB CSR thus leading me down this path.
When did you first set up your box? Any box created recently should be providing SHA2 CSRs, which should fix that problem.
It was under the previous version, about 6 weeks ago or so. I have since moved onto the current version and did not even think to look. I just made my own as I wanted the better cert.
Hmm. The change was longer than six weeks ago. Maybe there’s a bug.
I was on 0.08 when I created the initial certificate if that helps.
Yeah, I also had an issue installing certificates from any SSL provider. What I did was manually install the certificate into the box in /home/user-www