Wildcard certificate causes warning on Google Chrome only

Rafael V. asked:

I have a company.sv domain and recently purchased a RapidSSL wildcard certificate, I installed it and tested it with many browsers(Firefox, Chromium, Chrome, IE) and SSL checking tools, it worked fine on every one except on Google Chrome in neither Windows, Linux and Android.

Every time I access the website through Google Chrome it show a warning saying that I tried to access www.company.sv or whatever.company.sv but the server identifies itself as *.company.sv. If I continue despite the warning and click the red lock, it tells me that I’m connected to a server that is only valid inside my network and can’t be validated through an external certification entity.

I contacted the certificate re-seller’s support service but they couldn’t give me a straight answer about what was the problem. I’ve been wondering if it has something to do with TLD being .sv. I’ve also checked the Chromium source code but it seems kinda pointless since the certificate works flawlessly on Chromium.

Maybe it’s worth mentioning that I’m using NGINX on a Ubuntu 12.04 Server and that I tested a free single-domain certificate from Comodo before purchasing the wildcard one.

My answer:

It sounds like you forgot to install the intermediate certificate bundle on your web server. Visit the certificate vendor’s web site to download the intermediate bundle.

For nginx, this must be concatenated with your certificate and placed in the ssl_certificate directive, for instance:

# cat company.sv.crt ca_bundle.crt > company.sv.chained.crt

And in your nginx config:

ssl_certificate /etc/path/to/company.sv.chained.crt

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.