Successfully read 2048 bit RSA private key
INFO: Successfully read 3 certificates
INFO: Private key matches leaf certificate
INFO: IssuerName of cert 0 matches the SubjectName of cert 1
INFO: IssuerName of cert 1 matches the SubjectName of cert 2
WARNING: Final certificate in chain is not self-signed
In the file serverall.txt, first is the private key, then the certificate, and last the trusted roots. I have tried changing the order of the keys in serverall.txt but I get even more errors. I get the same error when I remove the trusted roots from serverall.txt.
Some third party CAs will not send you their self-signed root certificate on the assumption that all of your clients are web browsers who already have their root certificate pre-installed. If this is the case, then you should be able to operate successfully without that final self-signed root certificate.
Some clients will operate better if your server can send the entire certificate chain, including the final self-signed root. If your server falls into this category, then you should acquire the third party CA’s root certificate off their web site and append it to the end of your “serverall.txt” file. That will make the final WARNING message go away.
I tried to import the certificates one by one with the kyrtool.
First the private key, followed by the two intermediate trusts, and last the certificate itself. They were all imported successfully and the site now presents itself as secure when you browse to it.
Subject: That was my approach, a few questions for you?
I also have the Rapid SSL. Did you find a set of intermediate certs that were all SHA-2? When I go to http://ssllabs.com/ssltest I get downgraded since one of my RapidSSL certs was SHA-1.
Also, not sure if you imported the top level root or not. I did the first time and got some warnings so I repeated the import of the roots with only the two intermediates and that worked fine.
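Added example, not part of the thread and not kyrtool's own code: a small Python check that reproduces the name-chaining messages in the output at the top (issuer of cert N against subject of cert N+1, and whether the last certificate's issuer equals its own subject). It compares raw Name bytes only and verifies no signatures; `skeleton_cert`, `CHAIN` and `ROOT` are constructed stand-ins with made-up names, not real certificates.

```python
def tlv(tag, body):  # encode one DER tag-length-value (definite length)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the TLV at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def issuer_subject(der):  # raw DER of the issuer and subject Names in TBSCertificate
    _, s, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, s, e = read_tlv(der, s)          # TBSCertificate SEQUENCE
    off = 1 if der[s] == 0xA0 else 0    # optional [0] version comes first
    fields = []
    while s < e:
        _, _, end = read_tlv(der, s)
        fields.append(der[s:end])
        s = end
    return fields[off + 2], fields[off + 4]  # serial, sigAlg, issuer, validity, subject

def check_chain(chain):  # leaf-first chain -> [(level, message)]; Names must be byte-identical
    names = [issuer_subject(c) for c in chain]
    report = []
    for i in range(len(names) - 1):
        ok = names[i][0] == names[i + 1][1]
        verb = "matches" if ok else "does not match"
        report.append(("INFO" if ok else "ERROR",
                       f"IssuerName of cert {i} {verb} the SubjectName of cert {i + 1}"))
    if names[-1][0] != names[-1][1]:
        report.append(("WARNING", "Final certificate in chain is not self-signed"))
    return report

def skeleton_cert(issuer_cn, subject_cn):
    """Constructed stand-in: only the TBSCertificate fields walked above, no key or signature."""
    def name(cn):  # Name holding one commonName (OID 2.5.4.3) attribute
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tlv(0x30, tbs))

# Constructed sample: leaf plus two intermediates (root held back), then the root itself.
CHAIN = [skeleton_cert(i, s) for i, s in (("Example CA 1", "www.example.test"),
         ("Example CA 2", "Example CA 1"), ("Example Root", "Example CA 2"))]
ROOT = skeleton_cert("Example Root", "Example Root")
```

`check_chain(CHAIN)` gives the two INFO lines plus the WARNING, and `check_chain(CHAIN + [ROOT])` drops the WARNING; to run it on a real file, convert each PEM block with `ssl.PEM_cert_to_DER_cert` and pass the resulting list leaf first.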