If you ever run into the error “SEC ERROR UNKNOWN ISSUER” in combination with Firefox, Plesk and a proper (not self signed) SSL certificate just follow these steps.In this case I was using a free certificate from Start Com.
- for StartSSL certificates use the files from folder “ApacheServer” once you unpacked your certificate.zip
- for other SSL authorities you usually can download the CA certificate somewhere on their website
- Login to Plesk, choose the domain you want to secure, choose “secure Website” and open the certificate causing the error
- Scroll down to “upload certificate file” and add these two files from the zip
- 2_*example.com*.crt is your certificate
- 1_root_bundle.crt is the CA certificate
- After you uploaded the certificate, Plesk will take you back to the certificate overview. And it will throw a warning message at you. But this can be safely ignored. I won’t go into detail here. You can find information on this on the web.
SEC ERROR UNKNOWN ISSUER
So what is causing “SEC ERROR UNKNOWN ISSUER” in Firefox? You most probably forgot to upload the root (CA) certificate. In Plesk this is not obligatory. Thus your site might function properly in Chrome, Opera, Safari and Internet Explorer, because they use the operating system‘s certificate vault. But Firefox uses its own vault. Which is a more secure way of dealing with plugins, but also leads to this error if the server doesn’t supply the CA certificate.