Menu
On some mobile browsers, like Chrome mobile for Android, I get a ERR_CERT_AUTHORITY_INVALID error when I am connecting to my https website. I do not have this problem on every mobile browsers (like Firefox) and there is no problem on PC.
My certificate is a Comodo Extended Validation certificate. I am contracting with Gandi.net, a french SSL certification authority and Gandi is in charge of getting the Comodo EV certificate and giving it to me. Gandi gave me a base PEM certificate + an intermediate PEM certificate. I installed both.
I did analyses on https://www.ssllabs.com/ssltest/analyze.html and it says "extra download" for one of the certificates (named "COMODO RSA Certification Authority") while I installed all the certificates I got from Gandi.
I tried to look into this thread but it did not help: SSL cert "err_cert_authority_invalid" on mobile chrome only
Does someone know what is wrong ? Thanks.
208
There's only one solution in either case to address this ERR_CERT_AUTHORITY_INVALID issue in Chrome, and that's to get an SSL certificate from a trusted certificate authority (CA). Getting an SSL certificate from a trusted CA will make browsers (including Chrome) trust your website.
For those interested here is how I solved the problem.
Problem: an intermediate Comodo certificate was missing in my certificate chain. My SSL certification authority (Gandi.net) was in charge of the relationship with Comodo and Gandi only gave me two certificates: a base certificate + an intermediate certificate. Both were in .pem format. I installed both and it was enough for almost any browser except for a couple of mobile browsers. Actually a Comodo intermediate certificate called "COMODO RSA Certification Authority" was missing.
Solution in 2 steps:
1) found the repository containing all the Comodo certificates here https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/620/0/which-is-root-which-is-intermediate. I copy pasted mine in .PEM format from this page https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/977/108/extended-validation-sha-2 (it is called "#intermediate1" here, not "COMODO RSA Certification Authority").
2) concatenated this new intermediate certificate with the first intermediate certificate I already had (called "#intermediate2" on the Comodo website) by putting this new certificate at the end of the first certificate. I did it this way:
-----BEGIN CERTIFICATE-----
intermediate#2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate#1
-----END CERTIFICATE-----
Hope it will help !
153
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With