AnsweredAssumed Answered

Self signing and incomplete certificate chains

Question asked by Kevin Barnes on Mar 16, 2015
Latest reply on Mar 18, 2015 by Kevin Barnes

I'm verifying a site where I use a self-signed certificate, https://www.kbarnes3.com. I'll always get a grade of T because of this, but I'm mostly interested in the "If trust issues are ignored" grade. Somewhat recently it seems like a change was made to add a new check that says "This server's certificate chain is incomplete. Grade capped to B." My certificate is directly signed using my CA (there are no intermediate certificates involved). Doesn't a self-signed certificate always have an incomplete chain by virtue of the root CA being untrusted?

 

If so, does capping this grade capping make it so the "if trust issues are ignored" grade can never be an A?

 

If not, am I missing something in my configuration?

Outcomes