How do you fix an incomplete SSL chain

Following up on zakjan's answer, I had a problem when I tried to use jquery to do an AJAX request on my newly secure server, in an android webview. It worked in the browser, but not in my app.

I used this site: https://certificatechain.io/

I pasted in the text of my signed .crt file I got back from Comodo (positiveSSL), and it gave me back a concatination of everything I needed. I saved it as my domain + "chain.crt" (see below)

Then, in my apache configs, I entered something like this for that particular virtual host:

SSLEngine On
SSLCertificateFile /etc/ssl/localcerts/example_com.crt
SSLCertificateKeyFile /etc/ssl/localcerts/example.com.key
SSLCACertificateFile /etc/ssl/localcerts/example.com.chain.crt

After that, my Android app's webview did not have a problem using ajax to POST to my server. I tried it on 2 real-world devices, one running 2.3.4, one running 4.something. And on the emulator running 2.3. All worked.

I hope this helps.


The chain was in crt file, that the original SSL was working off.

For GoDaddy there is a 2nd cert - gd_bundle.crt

Copy this info and add it to the crt installed on the server.

So the original crt on the server had 1 certificate, and after it will have 3 on the same file. This is the chain.

I still got contains anchor in chain issues on ssllabs.com but this is not an issue, just an option to leave in or out - according to - https://security.stackexchange.com/questions/24561/ssltest-chain-issues-contains-anchor/24566#24566