I have a site that's not safe. The certificate pops up in the address bar when loading, but onload it disappears.
When I comment out this line, the connection stays safe when loaded. Why? The path is relative!

    div.welcome {
        margin:0px auto;
        //background:url('/gfx/layout.dialog_body_bg.png') bottom repeat-x #fff8a9;
        border:3px solid #d98704;
        box-shadow:3px 3px 7px 0px rgba(0, 0, 0, 0.2);
        border-radius:3px 3px 3px 3px;
    }

    # httpd.conf
    <VirtualHost *:443>
        ServerName domain.com
        ServerAlias secure.domain.com
        DocumentRoot /var/www/domain.com
        SSLEngine on
        SSLCertificateFile /var/ini/ssl/secure.domain.com/public.crt
        SSLCertificateKeyFile /var/ini/ssl/secure.domain.com/private.key
        SSLCACertificateFile /var/ini/ssl/secure.domain.com/intermediate.crt
        SSLVerifyDepth 1
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    </VirtualHost>

If you check the website using the link below, you'll notice that it's currently returning only the server certificate. Scroll to the bottom of the page to see the certificates returned by the server.
http://certlogik.com/sslchecker/secure.dynaccount.com/
Your server should be configured to also return the intermediate cert. This lets the browser build a path from your server cert to one of its trust anchors (Thawte root CA cert). When the intermediate cert is also returned, the SSL Checker website will display a green tick to the left of the word Trusted. Currently there is a warning sign to indicate the missing intermediate certificate.
As an example, this site correctly returns a Thawte intermediate certificate:
http://certlogik.com/sslchecker/nhsprofessionals.nhs.uk
There are lots of CAs that give examples of how to configure webservers to return the cert chain (just use your Thawte certs instead in the examples they give) e.g.,:
This link from the University of Cambridge also provides some good info:
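
A sketch of a virtual host that returns the intermediate certificate, as the answer above recommends. It is an added example, not part of the original posts; it reuses the paths from the question's httpd.conf, and `fullchain.crt` is a hypothetical file name.

```apache
# Added example. Paths are the placeholders from the question's httpd.conf.
<VirtualHost *:443>
    ServerName domain.com
    ServerAlias secure.domain.com
    DocumentRoot /var/www/domain.com
    SSLEngine on

    # Server (leaf) certificate and its private key, unchanged from the question.
    SSLCertificateFile    /var/ini/ssl/secure.domain.com/public.crt
    SSLCertificateKeyFile /var/ini/ssl/secure.domain.com/private.key

    # Apache before 2.4.8: this directive makes the server send the
    # intermediate certificate(s) along with the leaf during the handshake.
    # SSLCACertificateFile, used in the question, lists the CAs trusted for
    # verifying *client* certificates; it is not the directive for the
    # server's own chain.
    SSLCertificateChainFile /var/ini/ssl/secure.domain.com/intermediate.crt

    # Apache 2.4.8 and later: SSLCertificateChainFile is deprecated.
    # Drop it and point SSLCertificateFile at a single PEM file that holds
    # the leaf certificate first, followed by the intermediate(s):
    # SSLCertificateFile /var/ini/ssl/secure.domain.com/fullchain.crt  # hypothetical name

    # Remaining directives from the question are omitted here.
</VirtualHost>
```

After reloading Apache, `openssl s_client -connect secure.domain.com:443 -showcerts` lists every certificate the server sends, so both the server certificate and the intermediate should appear in its output.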