Fixing sec_error_unknown_issuer

Screenshot: This Connection is Untrusted

After recently updating my SSL cert I found I was getting a sec_error_unknown_issuer error with FF Android.

As it turned out I'd missed a step in the configuration which is to include the intermediate certificate along with the main .crt file.

To do this you just cat the intermediate Gandi cert onto the .crt you got from your SSL provider. In my case this was all that was required:

cat GandiStandardSSLCA.pem >> mycert.crt

If you see errors from nginx on restarting, check you've got some space separating the end of the first cert from the beginning of the next.

For a full run-through on setting up a Gandi cert for Nginx see https://nicolas.perriault.net/code/2012/gandi-standard-ssl-certificate-nginx/

Show Comments