zrhoffman opened a new issue, #7035: URL: https://github.com/apache/trafficcontrol/issues/7035
<!-- ************ STOP!! ************ If this issue identifies a security vulnerability, DO NOT submit it! Instead, contact the Apache Traffic Control Security Team at [email protected] and follow the guidelines at https://apache.org/security regarding vulnerability disclosure. - For *SUPPORT QUESTIONS*, use the #traffic-control channel on the ASF slack (https://s.apache.org/tc-slack-request) or the Traffic Control Users mailing list (send an email to [email protected] to subscribe). - Before submitting, please **SEARCH GITHUB** for a similar issue or PR * https://github.com/apache/trafficcontrol/issues * https://github.com/apache/trafficcontrol/pulls --> <!-- Do not submit security vulnerabilities or support requests here - see above --> ## This Improvement request (usability, performance, tech debt, etc.) affects these Traffic Control components: <!-- delete all those that don't apply --> - Traffic Ops - Traffic Portal ## Current behavior: <!-- Describe how the current features are insufficient. --> POSTing a new certificate to `/deliveryservices/sslkeys/add` with the Root Certificate before the Leaf Certificate results in a 200-level response with a warning: ```json { "alerts": [ { "text": "WARNING: SSL keys were successfully added for 'my-delivery-service', but the input certificate may be invalid (certificate verification produced a different chain)", "level": "warning" } ] } ``` ## New behavior: <!-- Describe how this change would improve Traffic Control --> An additional field, *Certificate Chain Order*, should be added to determine whether the validation expects the Leaf Certificate or the Root Certificate to be first. If this validation fails, HTTP status code 401 should be returned. Mock screenshot:  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
