Recently I’m unable to visit our site anymore via Firefox, which now reports an Error code: SEC_ERROR_UNKNOWN_ISSUER error.
This only happens on Firefox. I tried to look for other sites which experience the same error and was surprised that even
https://ssllabs.com is affected (which I ended up using to verify the integrity of our certificate).
Now, I do have an antivirus (Bitdefender - Free) which doesn’t allow me to toggle the SSL option separately, regardless if I turn off my
Protection Shield, both our site and ssllabs.com will work. Not something we want our visitors to do of course, so I kept reading and eventually found myself reading about intermediate certificates.
From what I’ve gathered the certificate I define in my
nginx configuration should include the intermediate certificate, which I do not know where to get. Our
nginx is using certificates provided by Cloudflare (which comes in a
.key/.pem pair), like so:
ssl_certificate /home/ubuntu/cloudflare/www.site.com.pem; ssl_certificate_key /home/ubuntu/cloudflare/www.site.com.key;
The contents of the
.pem file only contains a single block of certificate. What is an Intermediate CA, and where can I secure that and set that up?
Also, in Firefox, clicking the Advanced button, then the Error code: SEC_ERROR_UNKNOWN_ISSUER will display a certificate-like code I think I can use, but I hesitated to try. The contents provided by Firefox is composed of two certificate blocks, neither looks similar to the existing one provided by Cloudflare. My hunch is that this is the certificate Bitdefender is injecting, but really I don’t have a clue.