Hello,
We use an ICPEDU institutional certificate that is part of GlobalSIgn.
In traefik we are using only the *.company.org certificate and the key. Doing tests on sslabs, informs that the chain of certificates is incomplete.
In apache we use a bundle that contains the ICPEDU Intermediary + GlobalSIgn Intermediary + GlobalSign Root and works like a charm.
In the traefik I made the concatenation including our certificate *.company.org, staying like this:
*.company.org + ICPEDU intermediary + GlobalSIgn Intermediario + GlobalSign Root
This way it did not work and there is always an error informing that no certificate was found.
What is the correct order?
cakiwi
2
It should be:
Leaf certificate + Intermediates....
The root CA should no be present.
1 Like
Should *.company.org be at the beginning of the file?
cakiwi
4
Yes. That would be considered the leaf.
Thanks for the help @cakiwi!!!
After some tests, I believe that the correct order of the certificates was as follows:
-----BEGIN CERTIFICATE-----
*.company.org
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
GlobalSign RSA OV SSL CA 2018
-----END CERTIFICATE-----
cakiwi
6
Yes, of course!
That matches the output from ssllabs.
1 Like
system
Closed
7
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.