I've got a quick-n-dirty bash/keytool script script here that I like to use
to verify the cert chain order:
https://gist.github.com/guzzijason/026998189b0a57ef0ba2a05d1baf966a
__Jason
On Tue, May 23, 2017 at 4:22 PM, Jeff Elsloo wrote:
> It should be noted that you might
It should be noted that you might need to use an external tool of some
sort to order and verify the certificate chain properly. I believe
that's what we did when we ran into the problem.
--
Thanks,
Jeff
On Tue, May 23, 2017 at 10:05 AM, Jason Tucker wrote:
> +1 to what
+1 to what Dave said. A full cert chain shouldn't be a problem in Traffic
Ops. Best to make sure server cert is at the top of the chain, and the rest
of the certs are below, in order, with the CA cert last.
__Jason
On Tue, May 23, 2017 at 2:15 PM, Dave Neuman wrote:
> Hey
Hey Oren,
Yes you can enter an externally created, full-chain certificate in Traffic
Ops; we do this all the time. You shouldn't need to do anything special
besides make sure that the certificate chain is in the correct order. I
think you need to have the server (wildcard first) then the
Hi,
After creating a DS which supports SSL, and using an official certificate
created by GoDaddy (As opposed to a self-signed certificate generated by
Ops), we ran into the following issue:
An SSL scan from https://www.ssllabs.com/ssltest , done on
tr.., complained about the fact that the