Plesk Question posted in
The official documentation for Plesk Obsidian can be found here.

"This CA Root Certificate is not trusted" with an SSL installed – Plesk

I just installed an SSL on Plesk, and when I go to https://www.example.com in Chrome, I get the error below:

This CA Root Certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store.

Sort of defeats the purpose of having an SSL. Any idea how I can make this message go away?

I bought the SSL from GoDaddy, which I would expect to be a trusted authority.

Tags:

4

Answers


  1. 0

    The only way to make that message go away, is by buying a real certificate from a trusted authority.

    Login or Signup to reply.
  2. 0

    GoDaddy is recognized on Windows operating systems, because the GoDaddy root certificate is pre-installed on Windows. But GoDaddy will not be automatically recognized in many contexts and would need to be manually configured by users (which is not a trivial task). IPhone, for example, will not trust GoDaddy certificates out of the box. You may consider getting certificate from established certificate authorities such as Verisgn or Thawte, but they will be more expensive.

    Login or Signup to reply.
  3. 0

    @John: GoDaddy is a registrar/webhost, I believe their certificates are just reseller certs. You don’t need to go expensive to get compatibility as @Jaro suggests. I’ve deployed several RapidSSL certificates that are recognized by Chrome/iOS and Safari/iOS without user intervention and are much cheaper than the higher-insurance certificates like Symantec/VeriSign.

    Login or Signup to reply.
  4. 0

    This issue occurs because the issuing authority has signed the server certificate using an intermediate certificate that is not present in the certificate base of well-known trusted certificate authorities which is distributed with a particular browser. In this case the authority (GoDaddy) provides a bundle of chained certificates that should be chained with the server certificate to address this issue of lack of trust. Unfortunately, GoDaddy does not provide any documentation on this front. You should have received two different certificates from GoDaddy, one for your server, and the bundle. Depending on your server, this is what the configuration would look like:

    • For Apache:

    Specify each certificate in its own directive:

    SSLCertificateFile /path/to/cert/www.example.com.crt
SSLCertificateChainFile /path/to/cert/bundle.crt

    Both certificates should be concatenated, first the server, then the bundle:

    cat www.example.com.crt bundle.crt > www.example.com.chained.crt

    And then use http://www.example.com.chained.crt in your server ssl_certificate directive:

    ssl_certificate www.example.com.chained.crt
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search