AnsweredAssumed Answered

Intermediate SSL certificates not being served up?!

Question asked by PDX Webguy on Feb 20, 2017
Latest reply on Feb 21, 2017 by j-mailor

Greetings all-

 

I did some searching, so if I missed an article that already covered this let me know. The basic issue is: we just moved a website from a server running Apache 2.2 to one running Apache 2.4. When we were on the old sever, we had SSL configured just right so that we had an A+ score on SSLTest site here. But on the new server we can't seem to get higher than a B rating. One of the key detractors is the error that reads:

 

This server's certificate chain is incomplete. Grade capped to B.

 

We figured out that the 'SSLCertificateChainFile' was deprecated in Apache 2.4, so we commented out that line of the ssl.conf file and instead copied the intermediate certificate information over to the main KeyFile itself. (Various blogs and forum posts seemed to indicate that this was the the way to handle this issue.) However, this didn't seem to make a difference in our case. For some reason, Apache is unwilling to serve up the necessary intermediate certificate information when queried. Several other SSL test sites also complained that our intermediate certs were "missing." We've tried a dozen other things as well (e.g checking file permissions, other .conf files, etc)  but can't seem to figure out where we went wrong. 

 

We'd welcome any troubleshooting steps from the forum here.

 

Cheers.

Outcomes