SSL Chain issues – Contains anchor

Does your SSLLABS report mention ‘Chain issues – Contains anchor’?

Simple fix:

Remove the Root CA from the concatenated certificate file.

Use a text editor open your Root CA file as well as your Certificate file, check what the Root CA starts and end with and remove that section.


Blah Blah


Leaving just the Certificate and the Intermediate Certificate in the file.

Restart your web server and retest in SSLLABS.


  1. Name

    It is a last CA certificate in the chain which signs server cert must be removed.
    If you remove Root CA certificate then you will end up with incomplete chain (B grade) on SSL labs test page.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s