Interesting. I'd remove the ssl_ca_name= entirely. Looking at the code, it should add the intermediate certs and you tried to do initially. Apparently that logic isn't working. I'll try to get a test written for that. But in any case, adding the chain certs twice (via the ssl_cert_name cert and via ssl_ca_name) is not necessary.
On Wed, Mar 11, 2020 at 6:05 PM Jacobo Nájera <[email protected]> wrote: > El 10/03/20 a las 9:16, Susan Hinrichs escribió: > > You combine your cert.pem and your chain.pem files and specify that file > > in the ssl_cert_name attribute. The specific certificate should go > > first. Then the chain certs. > > Thanks Susan. It works :) > > It tested by sslabs.com tool. It prints me "Incorrect order, Extra > certs" and Grade A. > > My file ssl_multicert.config > > ssl_cert_name=cert.pem ssl_key_name=privkey.pem ssl_ca_name=chain.pem > > (cert.pem is cert.pem + chain.pem) > > How can I fix "Incorrect order, Extra certs"? > > > > > >
