AnsweredAssumed Answered

Entrust incomplete cert chain using entrust's new G2 RootCa

Question asked by Anton Rothenbacher on Oct 9, 2014
Latest reply on Aug 8, 2017 by Ivan Ristić

Greetings, as of September 29th 2014 Entrust has now given customers the option of issuing certificates signed by the following certificate chain:

 

INTERMEDIATE CERTIFICATE:

Subject: CN = Entrust Certification Authority - L1K

Serial Number: 51 d3 60 cf

Issuer: CN = Entrust Root Certification Authority - G2

Valid from:     Tuesday, August 26, 2014 12:14:49 PM

Valid to:     Tuesday, August 27, 2024 3:34:47 AM

Signature algorithm: sha256RSA

Signature hash algorithm: sha256

thumprint: c3 d9 87 c4 59 e1 e4 5e cd 2c ca 05 35 fa d0 74 d0 8e 69 cd

 

 

ROOT CERTIFICATE:

Subject: CN = Entrust Root Certification Authority - G2

Serial Number: 4a 53 8c 28

Issuer: CN = Entrust Root Certification Authority - G2

Valid from:     Tuesday, July 07, 2009 12:25:54 PM

Valid to:     Saturday, December 07, 2030 12:55:54 PM

thumprint: 8c f4 27 fd 79 0c 3a d1 66 06 8d e8 1e 57 ef bb 93 22 72 d4

 

We have applied a new certificate which is relying upon the above mentioned certificate chain and we are getting a grade of "T" indicating the certificate we have applied is untrusted by the ssllabs test at https://www.ssllabs.com/ssltest/

 

Does that ssllabs test not yet support this new certificate chain by Entrust?

Outcomes