Which CA Bundle? RapidSSL cPanel

Portal Home > Knowledgebase > Articles Database > Which CA Bundle? RapidSSL cPanel

Posted by sonnb, 04-08-2015, 12:16 AM
Hi, just installed a RapidSSL into cPanel when checked, I received some minor error about a missing CA chained bundle or something, I remember when I first installed the RapidSSL cert, I did not have that part but cPanel did say, the CA bundle most likely would be fetched during the install automatically. guess not this time. No big deal, so I went and installed a bundle and the error went away when I tested again, and everything checked normal. BUT just curious on the following page I had two choices both seem to work is one better then the other?, and how do you find out which one is the right one you need for cPanel? I'm using the RSA SHA-2. https://knowledge.rapidssl.com/suppo...ewlocale=en_US RSA SHA-1 SSL Certificates CA Bundle (SO26464) RSA SHA-2 (under SHA-1 Root) SSL Certificates CA Bundle (SO26459) moral of this story, always double check your installation no matter what because everything seemed fine, it was a good thing I decided to check that, just for the heck of it. thanks
Posted by Hosting4Real, 04-08-2015, 12:32 AM
You should use the CA bundle that matches your SSL type, and issue date. RapidSSL should deliver the CA bundle when you receive your certificate originally (At least Comodo does that).
Posted by sonnb, 04-08-2015, 02:24 AM
they both seem to work, the cPanel I'm on has OpenSSL/1.0 with SNI the email I received did have the intermediate CA bundle as well must have pasted both at same time or something, I did notice those intermediate CA bundles at that link I gave above have more certs in them, does that mean better browser compatibility?. also if someone understands this kind of stuff, can I use either one and is more certs in a intermediate CA bundle better?. Thanks
Posted by TheSHosting, 04-08-2015, 08:43 AM
The CA bundle that comes with the certificate details should work; it always worked for me at least. Comodo's CA bundle comes with the zip in multiple files and it is important to install whole; otherwise you will end up with SSL errors with some browsers.
Posted by Website themes, 04-08-2015, 09:25 AM
IF you just got a cert then you should've gotten a sha2 one. Best thing you can do is test this using online ssl checkers: digicert.com/help The above will tell you if your intermediate certs aren't properly installed. You can't really tell using your browser because your browser caches intermediate certs it encounters on other sites. So even if you have it installed incorrectly on your site your browser won't warn you because it never notices and just uses the certs from its cache. If you create a new browser profile it will warn you. To save yourself the headache of creating a new profile just use an online tool.
Posted by sonnb, 04-08-2015, 12:22 PM
Everything works great, I checked it at 3 different sites that do that stuff. https://www.sslshopper.com/ssl-checker.html https://www.ssllabs.com/ssltest/ https://www.digicert.com/help/ turns out it was me, what happened the first time I installed the cart I pasted both the cert and intermediate cert into the same box, so I just deleted that cert and installed those certs from the email separably, and that was it. these gUys replying are right always stick with what they send you basically, there's a SAN cert in the bundle I recieved, which has something to do with SNI I bet. I was just curious because the CA bundles at that link above seemed to me at last to cover more browsers or something. Thanks, that's what makes this place the best somebody around here is always willing to take a moment and help someone.