Forum Discussion
NimbostratusVerisign intermediary certificate errors on google chrome/android
Chrome is showing yellow arrow on lock for our certificate. It looks like chrome is not seeing a certificate chain.
Our site ssl profile does NOT have a ca or chain configured on it. We only have 2 Verisign certificates in our list of SSL certificates, plus a bundle which includes these 2.
Looks like the root/primary Verisign cert is older than what gets displayed via a browser.
Question(s): 1. how to fix this 2. can we just add the correct Verisign cert to SSL Certificates to correct this, or do we need to replace it. 3. does it matter if these certs are not configured in the ssl profile.
thanks
3 Replies
nag_54823Cirrostratus
All browsers will have verisign CA by default. Are you seeing this issue with only Google Chrome and not with other browsers ? If so below link can provide more info
http://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html
JimT02dont think this is the sha1 issue. my chain has an older intermediary/root cert than that listed in browser certs.
so the chain looks broke.
can we just add newer cert or remove the old one from chain/SSL cert list in F5.
thanks.
Grayson_149410https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
Check your certificate there and see if the chain is missing. If it is, just follow the instructions and combine the intermediate and root cert into one file and upload it to the LTM.
Then under the SSL profile, change the chain to that file.
