July 25, 2018 8:39 pm
Does your SSLLABS report mention ‘Chain issues – Contains anchor’?
Simple fix:
Remove the Root CA from the concatenated certificate file.
Use a text editor open your Root CA file as well as your Certificate file, check what the Root CA starts and end with and remove that section.
-----BEGIN CERTIFICATE----- MIIGuDCCBKCgAwIBAgIUUk/B8W400XArhKE/sEK7zHw8kDIwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc Blah Blah JOVtnRpn3coVfSR/0rz0XKVXeZGnKztGdIMQhWMTxvZ1UpmRAH2Ab2QnVo1fkPVy qNSJces5Y/VKpIvLBk5Jj55fvK8ME/9ASa+LtLrIms8iYHl75cupuYZZlg8= -----END CERTIFICATE-----
Leaving just the Certificate and the Intermediate Certificate in the file.
Restart your web server and retest in SSLLABS.
Posted by Raymond Reid
Tags:
Mobile Site | Full Site
Get a free blog at WordPress.com Theme: WordPress Mobile Edition by Alex King.
It is a last CA certificate in the chain which signs server cert must be removed.
If you remove Root CA certificate then you will end up with incomplete chain (B grade) on SSL labs test page.
By Name on October 16, 2020 at 7:27 am
to be specific, it is the self-signed root that is to be removed
By Christian on March 31, 2021 at 4:25 pm