SSL Certificate from StartCom not accepted


  • I just tried with chrome and IE. Both do not complain.

    But you are right as SSL Checker says:
    The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following StartCom’s Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.

    But as I tried to follow StrCom’s instructions and their forum doesn’t help until now , so I got stuck.

  • developer

    @rekisum Did you use the correct intermediate certiciate, “StartCom Class 1 DV Server CA” from https://startssl.com/root?


  • do you mean the 1_root_bundle.crt ?
    It came in the zip file.
    Where do I find “StartCom Class 1 DV Server CA” on the web site?
    Thanks for the quick help by the way 🙂

  • developer

    @rekisum On https://startssl.com/root, “Intermediate CA Certificates”, you can download “StartCom Class 1 DV Server CA” in PEM format (.crt).


  • yeah, found already ca.server1.crt 🙂
    tried to use it as certificate chain file
    SSLCertificateChainFile /etc/ssl/certs/sca.server1.crt
    didn’t help
    did you mean that?
    or is the pem file better?
    ?


  • neither of them worked 😞

  • developer

    @rekisum Well, according to ssllabs.com, the StartCom Class 1 DV Server CA is still not in the chain. So there’s something wrong with the configuration, maybe the SSLCertificateChainFile is not applied or something. You will have to fix that to get the certificate accepted by all clients.

    Or, just click on “Always accept” in DAVdroid, it should work, too. But it won’t fix the real problem.


  • How do you see that?
    It says: Chain issues incomplete
    Do you mean: extra download?

    No, always accept doesn’t work.
    Have alway to click the dialog multiple times.

  • developer

    @rekisum said:

    How do you see that?
    It says: Chain issues incomplete
    Do you mean: extra download?

    Yes, that means that chain is not complete and requires extra downloads to verify it.

    No, always accept doesn’t work.
    Have alway to click the dialog multiple times.

    Then there’s a bug.


  • @rekisum Try removing the account from your Android device and re-adding it. I’m having similar problems (dialog constantly popping up) after a change of the certificates and re-creating the account solves the problem consistently.


  • Ok, seem I resolved my SSL certificate problems, despite the CA-Flag.
    At sometime finding the bug i disabled the StartCom certificate in the System Settings.
    Enabling it and going through accept permanently dialogs seems to fixed it.
    Calender gets synced again. .-)

Similar topics