Ticket #3164 (closed defect: fixed)

Opened 7 years ago

Last modified 3 years ago

Fix an incomplete SSL chain

Reported by: birdie Owned by: zaytsev
Priority: blocker Milestone:
Component: adm Version:
Keywords: Cc:
Blocked By: Blocking:
Branch state: no branch Votes for changeset:

Change History

comment:1 Changed 7 years ago by andrew_b

  • Version master deleted
  • Milestone 4.8 deleted

comment:2 Changed 7 years ago by zaytsev

  • Status changed from new to accepted
  • Owner set to zaytsev

The chain is complete, it's just that the CA certificate is not stapled to our certificate in our server response. I have tried my best to improve on our SSL setup, but I'm afraid can't get much further. Hope that B is enough for most practical purposes.

comment:3 Changed 7 years ago by zaytsev

  • Status changed from accepted to testing
  • Resolution set to fixed

comment:4 Changed 7 years ago by zaytsev

After a bit more struggle we've finally got an A =) yay!

comment:5 Changed 7 years ago by birdie

Certificates provided	1 (1657 bytes)
Chain issues	Incomplete

comment:6 Changed 7 years ago by zaytsev

See the explanation above, I'm not planning to fix this.

comment:7 Changed 7 years ago by andrew_b

Ticket #3217 has been marked as a duplicate of this ticket.

comment:8 Changed 6 years ago by sorin

Can we reopen this? The website is not opening in Chrome.

If you cannot keep the SSL certificate valid and monitoring, why bothering putting one?

This only makes the experience worse, not to count that this will break indexing and down list the site from Google. I would not be surprised to see it delisted too.

comment:9 Changed 6 years ago by zaytsev

What are you talking about? The certificate is valid and the checker isn't reporting any issues. Can you give the details on the error message that you are getting from Chrome?

comment:10 Changed 5 years ago by zaytsev

Ticket #3217 has been marked as a duplicate of this ticket.

comment:11 Changed 5 years ago by zaytsev

  • Status changed from testing to closed

Got an A after updating the setup to ~logjam state, enabled stapling; closing...

comment:12 Changed 4 years ago by zaytsev

Got a kindly sponsored certificate from GlobalSign, hopefully will improve the situation with browser support in the future.

comment:13 Changed 3 years ago by zaytsev

Renewed certificate for the next year, thanks goes to GlobalSign again...

Last edited 3 years ago by zaytsev (previous) (diff)
Note: See TracTickets for help on using tickets.