trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Susan Hinrichs <shinr...@verizonmedia.com>
Subject Re: ATS and letsencrypt
Date Wed, 11 Mar 2020 23:11:46 GMT
Interesting.  I'd remove the ssl_ca_name= entirely.  Looking at the code,
it should add the intermediate certs and you tried to do initially.
Apparently that logic isn't working.  I'll try to get a test written for
that.  But in any case, adding the chain certs twice (via the ssl_cert_name
cert and via ssl_ca_name) is not necessary.

On Wed, Mar 11, 2020 at 6:05 PM Jacobo Nájera <jacobo@metahumano.org> wrote:

> El 10/03/20 a las 9:16, Susan Hinrichs escribió:
> > You combine your cert.pem and your chain.pem files and specify that file
> > in the ssl_cert_name attribute.  The specific certificate should go
> > first.  Then the chain certs.
>
> Thanks Susan. It works :)
>
> It tested by sslabs.com tool. It prints me "Incorrect order, Extra
> certs" and Grade A.
>
> My file ssl_multicert.config
>
> ssl_cert_name=cert.pem ssl_key_name=privkey.pem ssl_ca_name=chain.pem
>
> (cert.pem is cert.pem + chain.pem)
>
> How can I fix "Incorrect order, Extra certs"?
>
>
>
>
>
>

Mime
View raw message