Correct order from combine certificates


We use an ICPEDU institutional certificate that is part of GlobalSIgn.

In traefik we are using only the * certificate and the key. Doing tests on sslabs, informs that the chain of certificates is incomplete.

In apache we use a bundle that contains the ICPEDU Intermediary + GlobalSIgn Intermediary + GlobalSign Root and works like a charm.

In the traefik I made the concatenation including our certificate *, staying like this:

* + ICPEDU intermediary + GlobalSIgn Intermediario + GlobalSign Root

This way it did not work and there is always an error informing that no certificate was found.

What is the correct order?

It should be:

Leaf certificate + Intermediates....

The root CA should no be present.

1 Like

Should * be at the beginning of the file?

Yes. That would be considered the leaf.

Thanks for the help @cakiwi!!!

After some tests, I believe that the correct order of the certificates was as follows:

GlobalSign RSA OV SSL CA 2018

Yes, of course!

That matches the output from ssllabs.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.