Cherokee Web-Server SSL Setup

Over the last couple of days we have been running into quite a few issues with online surveys regarding our SSL certificate in Internet Explorer 6. Once we made sure all of the media on our site was coming from a valid SSL source, our certificates worked fine on all browsers aside from the dreaded IE6. Though this is becoming less and less of a concern to many people, we here at FluidSurveys still work hard to support those die-hard fans who for whatever reason refuse to give up the browser war and continue to side with the six.

Initially, we thought we had it set up properly by following a mix of instructions for other web servers, such as apache and IIS, figuring out proper configuration through trial and error and we thought we had it all working. This was great until we noticed a pop-up in IE6 stating “The security certificate was issued by a company you have chosen not to trust. View the certificate to determine whether you want to trust the certifying authority.” After looking in to this message, I had determined that this message was caused by not having the intermediate certificate and root certificate installed properly with Cherokee. Simple enough, right? I checked with our certificate issuer and they had instructions for installing these certificates for what seemed like every web server but Cherokee web-server.  From the Apache instructions I knew I was looking for the equivalent of  the SSLCertificateChainFile which would provide the full chain of certificates from ours, back down to the root certificate.

After trying many things, and contacting godaddy, who told me they did not support Cherokee, I finally managed to figure out how to get it to work. The answer is pretty simple, if you follow the rest of the directions about setting up SSL with Cherokee, pointing your virtual server to the correct ssl certificate (Ours was fluidsurveys.com.crt) and the proper key (fluidsurveys.com.key) there was no place to input the gd_bundle.crt (The inermediate certificate package that godaddy provided us). The solution is to combine your site certificate (fluidsurveys.com.key) with your bundle certificate, root certificate, or intermediate certificates. To do this, simply make a backup of your site certificate (fluidsurveys.com.crt), then cat the intermediate bundle with the original site certificate.  “cat gd_bundle.crt >> fluidsurveys.com.crt” This should now solve your issue with IE6 not recognizing the issuer of your SSL certificate.

The following two tabs change content below.

Aydin Mirzaee

Aydin is currently the Co-CEO of Fluidware where he spends his time focused on product strategy, marketing and growth for the company's FluidSurveys (http://fluidsurveys.com) and FluidReview (http://fluidreview.com) products. Aydin co-founded Fluidware in 2008 and since then it has grown to become a market leader with customers in over 80 countries.
FluidSurveys Presents

Free Survey Q&A

Join our survey & research expert Rick Penwarden as he answers all of your questions every Wednesday at 1PM EST!


2 Comments

  • shelley says:

    Glad you’re doing what’s necessary to keep your product running in IE6. I doubt that the folks who are still using that browser are doing so because they’re die-hard fans: I suspect that for most, it’s a decision made by the IT brass at their workplace to NOT upgrade to a later version of IE and to NOT allow staff to use Firefox.

    My knowledge of site certificates is slim to none; is there any action that I, as a (not die-hard) user of IE6, need to take based on what you’ve described in this blog post?

  • Ross says:

    We are aware there are many customers that only use it for that reason exactly, though like you said, they are stuck with it without the option to upgrade.

    As for the certificate, there is nothing that anyone else needs to do as it was just a fix on our end to make IE6 happy.