SSL intermediate certificates validation
Recently I had to update SSL certificates on my web-app. Having downloaded the new certificate, the folder included a bunch of *.crt files. Mistakenly I installed www_example_com.crt certificate.
Later, using this tool
https://www.geocerts.com/ssl_checker
I found out there was a problem with my certificate installation. Browsers dealt well with it well and even didn't notify user about it, but other applications, such as SAP refused to accept the certificate.
It turns out that I need to install all intermediate certificates, (e.i. the bunch of *.crt files I mentioned above) so that that certificate chain is complete.
The solution of making a bundle came form here:
I used this service and loved what it provides:
https://cheapsslsecurity.com
Later, using this tool
https://www.geocerts.com/ssl_checker
I found out there was a problem with my certificate installation. Browsers dealt well with it well and even didn't notify user about it, but other applications, such as SAP refused to accept the certificate.
It turns out that I need to install all intermediate certificates, (e.i. the bunch of *.crt files I mentioned above) so that that certificate chain is complete.
The solution of making a bundle came form here:
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
I used this service and loved what it provides:
https://cheapsslsecurity.com
Comments
Post a Comment