Can't get Network Solutions Certificate chain working with EC2 Elastic Load Balancer
Solution 1:
Please make sure that your certificate chain contains the intermediate and root certificates in the proper order.
The best way I found to analyze the problem with the chain certificate is here: Wormly Test SSL Web Server.
I have started the Amazon ELB SSL configuration for my domain here: SSL Certificate for Elastic Load Balancing.
I am using COMODO Instant SSL certificates, so I got the bundle of certificates in a zip file. When I extracted it, it contained four files:
1. AddTrustExternalCARoot {Root certificate}
2. COMODORSAAddTrustCA {intermediate certificate 1}
3. COMODORSADomainValidationSecureServerCA {intermediate certificate 2}
4. www_example_com {public key for my domain name}
Note: We need to convert the above certificate files into .PEM format before using them in Amazon ELB. This is done by using the command:
openssl x509 -inform PEM -in {above certificate file name}
Now I went to the Listeners part of ELB to configure HTTPS. ELB HTTPS has three brackets called:
1. Private Key {paste the private key which was generated using OpenSSL}
2. Public Key Certificate {paste the public key of www_example_com certificate}
3. Certificate Chain {paste the intermediate and Root certificate}
In the first attempt, since Amazon's guidance says the Certificate Chain part is optional, I left it blank. It worked fine in the PC browsers. The problem arose while trying to open it in the Android mobile browsers.
I found the solution in these links: Setting up SSL on an Amazon Elastic Load Balancer and Creating a .pem File for SSL Certificate Installations.
So, to avoid this I have included the chained certificate in this order:
COMODORSADomainValidationSecureServerCA
COMODORSAAddTrustCA
AddTrustExternalCARoot
I copied and pasted the above three certificates, including the Begin and End tags, into the chain certificate bracket.
Now it's done. Great, it worked fine. Now my SSL configuration is shown as 100% secure when I checked it with Wormly Test SSL Web Server.
Thank you.
Solution 2:
I just ended up working this out; the correct order for the certificate chain is as follows:
OV_NetworkSolutionsOVServerCA2
OV_USERTrustRSACertificationAuthority
AddTrustExternalCARoot
Good luck!