AnsweredAssumed Answered

Certificate chain

Question asked by Nigel Pentland on May 26, 2014
Latest reply on May 27, 2014 by Nigel Pentland

I've been having issues with a website where the server isn't supplying the required intermediate certificates, all standard stuff.

 

The general form is a certificate issued with the following chain

 

SwissSign

     AffirmTrust

          Trend Micro

               www.cybmerchantonline.co.uk

 

Now, my point / suggestion is that the Server Test tool seems to only look for a single intermediate?  If the server presents the end entity certificate plus the Trend Micro CA certificate it says the chain of trust is good, when actually it's not.

 

Now, if I go to GlobalSign SSL Checker, it correctly identifies there is an issue with a broken chain.  I'm curious, and the reason I'm quoting the GlobalSign Checker is because it says it is powered by the Qualys SSL Labs, so how come it gets it right when SSL Labs doesn't?

 

BTW - apart from this little gremlin, really like the checker, so well done everyone and thanks.

Outcomes