Spiceworks and Intermediate SSL certificates

royiversen8199 · 2011-05-03T02:38:40.000Z

I’m trying to secure my Spiceworks installation with my existing Wildcard SSL certificate from www.digicert.com . I’ve followed the instructions at http://community.spiceworks.com/how_to/show/922 and the certificate works just fine when using Internet Explorer. But other browsers gives a certificate error, as do Digicerts SSL testing tool. It says the server is not sending the correct intermediate certificate. Internet Explorer fetches these automatically but other browsers don’t. So I need Apache to send this intermediate certificate. But how?

Any help would be greatly appreciated.

Nick-C · 2011-05-03T02:47:29.000Z

You need to change the Apache config slightly from the settings given in that How-To to tell Apache to use the intermediate cert to build a full chain.

Oddly enough the digicert website itself gives you the correct settings to use

http://www.digicert.com/ssl-certificate-installation-apache.htm

Obviously you can ignore the first and last bit of that guide and just grab the relevant bit of the config file to use.

bytesnake · 2011-05-03T02:49:18.000Z

Maybe this helps: http://community.spiceworks.com/how_to/show/1257

"8. In httpd\conf\httpd.conf change/add the following lines (should copy the original file first):

SSLCertificateFile “ssl/server.company.com.pem”
SSLCertificateKeyFile “ssl/server.company.com.pem”
SSLCertificateChainFile “ssl/sf_bundle.pem”

9. Restart Spiceworks"

royiversen8199 · 2011-05-03T05:53:53.000Z

Thanks for the tips. Digicert had multiple intermediates, so I had to get a bundle file from their support. It’s working fine now, however in Internet Explorer I’m getting the “Only secure content is displayed” warning on my spiceworks site. I read somewhere that using a proper public cerificate should have fixed this.

Any ideas on this?

Thanks.

Nick-C · 2011-05-03T06:02:32.000Z

Is that on the portal or in the main helpdesk/devices pages?

royiversen8199 · 2011-05-03T06:09:29.000Z

I have the error on the main pages like dashboard and helpdesk. On /portal I have no errors

Nick-C · 2011-05-03T06:14:37.000Z

The errors you see are likely down to some content being loaded via the community over non-SSL connections (like ads and community updates).

royiversen8199 · 2011-05-04T00:15:54.000Z

Yes, it’s the ads and community updates on the right hand side. Isn’t this annoying other users as well, or is it just me? Is there any way to disable or work around this?

Thanks

jeffhoge2538 · 2011-06-09T14:25:33.000Z

It’s annoying me too but I’m going to end up rolling out a GPO to allow mixed content in the local intranet zone for IE which will suppress the message.