trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacobo Nájera <jac...@metahumano.org>
Subject Re: ATS and letsencrypt
Date Thu, 12 Mar 2020 02:06:19 GMT
I removed the ssl_ca_name. It fixed.

o/

El 11/03/20 a las 17:11, Susan Hinrichs escribió:
> Interesting.  I'd remove the ssl_ca_name= entirely.  Looking at the
> code, it should add the intermediate certs and you tried to do
> initially.  Apparently that logic isn't working.  I'll try to get a test
> written for that.  But in any case, adding the chain certs twice (via
> the ssl_cert_name cert and via ssl_ca_name) is not necessary.
> 
> On Wed, Mar 11, 2020 at 6:05 PM Jacobo Nájera <jacobo@metahumano.org
> <mailto:jacobo@metahumano.org>> wrote:
> 
>     El 10/03/20 a las 9:16, Susan Hinrichs escribió:
>     > You combine your cert.pem and your chain.pem files and specify
>     that file
>     > in the ssl_cert_name attribute.  The specific certificate should go
>     > first.  Then the chain certs.
> 
>     Thanks Susan. It works :)
> 
>     It tested by sslabs.com <http://sslabs.com> tool. It prints me
>     "Incorrect order, Extra
>     certs" and Grade A.
> 
>     My file ssl_multicert.config
> 
>     ssl_cert_name=cert.pem ssl_key_name=privkey.pem ssl_ca_name=chain.pem
> 
>     (cert.pem is cert.pem + chain.pem)
> 
>     How can I fix "Incorrect order, Extra certs"?
> 
> 
> 
> 
> 

Mime
View raw message