Comodo Intermediate Certificate

In October, 2010, we obtained a certificate for embedded.eecs.berkeley.edu from the department. Unfortunately, Safari did not recognize the certificate authority. 
  1. cd /usr/local/apache/conf
mkdir intermediates
cd intermediates
  2. Download the "as X509 Intermediates/root only" certificate (May 2014 cert url used below.) 
    wget --no-check-certificate 'https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=318507&format=x509IO'
    where https://cert-manager.com... is the complete "as X509 Intermediates/root only" URL in the email with your cert.
  3. Rename the download: 
    mv ssl* intermediate-comodo.crt
  4. Edit /usr/local/apache/conf/extra/httpd-ssl.conf and find the section at the top Update or change the SSLCertificationChainFile line: 
     SSLCertificateChainFile /usr/local/apache/conf/intermediates/intermediate-comodo.crt
  5. Stop and restart the server
  6. Check that Safari does not have the error. Note that to see the certificate in Safari, click on the lock icon in the upper right.
Old Verisign info below here When connecting to https://chess.eecs.berkeley.edu I was getting an invalid certificate chain message.

I had to install an intermediate certificate from Verisign

I ended up at http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

  1. I copied the certificate to /usr/local/apache/conf/intermediate.crt
  2. Added these lines to /usr/local/apache/conf/ssl.conf for just the chess virtual host: 
        ## Added 2/15/07
    SSLCertificateChainFile
    /usr/local/apache/conf/intermediate.crt
  3. I then ran 
    /etc/init.d/apachectl graceful
Problem solved.