DigitalOcean

Report this

What is the reason for this report?
Question

SSL Certificate issues only on Android Chrome?

Posted on August 26, 2015
Security
Apache
Nathan485

By Nathan485

So I installed a SSL certificate on a subdomain and everything worked fine for desktop Chrome and IE but when I use android chrome I get the following error… ERR_CERT_AUTHORITY_INVALID

Looking at the certificate it appears to only have only 1 certificate, the website’s, but not the root or intermediate. It is a class 1 certificate from StartSSL and this is my ssl virtual host config for my subdomain

SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateFile /etc/apache2/ssl/cloud/ssl.crt SSLCertificateKeyFile /etc/apache2/ssl/cloud/private.key SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Nathan485
Nathan485
August 26, 2015

This comment has been deleted

0
Eldin Hadzic
Eldin Hadzic
August 26, 2015

Hello and welcome to Digitalocean

Here you go :

cd /etc/apache2/ssl/cloud/
wget https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
cat ssl.crt sub.class1.server.sha2.ca.pem > ssl_unified.crt

Now your new Apache2 Configuration :

SSLEngine on
# Please no SSLv3
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateFile /etc/apache2/ssl/cloud/ssl_unified.crt
SSLCertificateKeyFile /etc/apache2/ssl/cloud/private.key

Restart Apache2

PS I would recommend a better Cipher Suite:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
0
Eldin Hadzic
Eldin Hadzic
August 27, 2015

@Nathan485 could you reboot your Droplet and provide me your Domain Name ?!

PS: You done everything right as we “installed” the correct chain.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.