Re: Using a full-chain SSL certificate For a Delivery Service.

I've got a quick-n-dirty bash/keytool script script here that I like to use to verify the cert chain order: https://gist.github.com/guzzijason/026998189b0a57ef0ba2a05d1baf966a __Jason On Tue, May 23, 2017 at 4:22 PM, Jeff Elsloo wrote: > It should be noted that you might

Re: Using a full-chain SSL certificate For a Delivery Service.

It should be noted that you might need to use an external tool of some sort to order and verify the certificate chain properly. I believe that's what we did when we ran into the problem. -- Thanks, Jeff On Tue, May 23, 2017 at 10:05 AM, Jason Tucker wrote: > +1 to what

Re: Using a full-chain SSL certificate For a Delivery Service.

+1 to what Dave said. A full cert chain shouldn't be a problem in Traffic Ops. Best to make sure server cert is at the top of the chain, and the rest of the certs are below, in order, with the CA cert last. __Jason On Tue, May 23, 2017 at 2:15 PM, Dave Neuman wrote: > Hey

Re: Using a full-chain SSL certificate For a Delivery Service.

Hey Oren, Yes you can enter an externally created, full-chain certificate in Traffic Ops; we do this all the time. You shouldn't need to do anything special besides make sure that the certificate chain is in the correct order. I think you need to have the server (wildcard first) then the

Using a full-chain SSL certificate For a Delivery Service.

Hi, After creating a DS which supports SSL, and using an official certificate created by GoDaddy (As opposed to a self-signed certificate generated by Ops), we ran into the following issue: An SSL scan from https://www.ssllabs.com/ssltest , done on tr.., complained about the fact that the