I have an SSL server in Express, which is not working on all browsers (unless the user manually trusts the website) since some browsers require the chain certificate (we have our own intermediate certificate). I've put our intermediate and chain certificate in one .crt file. The chain + intermediate certificate is in the INT_CERT_FILE variable. It does not seem to work. I am using http://www.digicert.com/help, as well as running

    openssl s_client -connect tasker.adnxs.net:443 -showcerts | grep "^ "

to check, but it does not seem to be returning the intermediate + chain certificate.
Here's how I'm setting it up:

    var fs = require("fs");
    var https = require("https");
    var express = require("express");

    var KEY_FILE = fs.readFileSync("path/to/key/file.key");
    var CERT_FILE = fs.readFileSync("path/to/crt/file.crt");
    var INT_CERT_FILE = fs.readFileSync("path/to/intermediate and chain crt.crt");

    var _app_https = express();
    var _server_https = null;

    _server_https = https.createServer({
        key: KEY_FILE,
        cert: CERT_FILE,
        ca: INT_CERT_FILE
    }, _app_https).listen(443);

When visiting it on Firefox, Firefox does not recognise its identity and requires it to be manually trusted. How can I fix this issue?
Thanks,
To resolve the chain issue: Search your Certificate Authority's (CA) website to download their intermediate CA file. This file links all of the trusted CA certificates needed to reach the root certificate. When this Intermediate CA file has been downloaded, you must upload it to the LoadMaster.
How to Fix the Incomplete Certificate Chain Warning. To fix this issue, you need to modify/add an active intermediate certificate. If you are a Cloudways client, it is just a matter of copy and paste instead of running several commands on your server.
Does your intermediate certificate file contain multiple certificate blocks?
If that's the case you should split them into different files and read them one by one. You can pass them as an array to the ca parameter.
I've got it working with the code below:

    var https = require('https'),
        read = require('fs').readFileSync,
        httpsOptions = {
            key: read('ssl/mycertificate.key', 'utf8'),
            cert: read('ssl/mycertificate.crt', 'utf8'),
            ca: [
                read('ssl/rapidssl_1.pem', 'utf8'),
                read('ssl/rapidssl_2.pem', 'utf8')
            ]
        };

    https.createServer(httpsOptions, function (req, res) {
        // ...
    });

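
The same split done in code instead of by hand, as an added example that is not part of the original answer: it cuts a PEM file holding several certificate blocks into the array the answer passes as ca. The names splitPemBundle and buildHttpsOptions are hypothetical, and the sample bundle is constructed placeholder data, not real certificates.

```javascript
// Matches one PEM certificate block; text between blocks (comments,
// "subject=" lines, blank lines) is ignored.
const PEM_CERT_RE =
  /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;

// Split a bundle into one PEM string per certificate.
function splitPemBundle(bundleText) {
  const blocks = String(bundleText).match(PEM_CERT_RE) || [];
  // Normalise CRLF/CR line endings and end each block with a newline.
  return blocks.map((b) => b.replace(/\r\n?/g, "\n").trim() + "\n");
}

// Hypothetical helper: build the options object in the shape the answer
// uses (key, cert, and ca as an array of single certificates).
function buildHttpsOptions(keyPem, certPem, bundlePem) {
  const ca = splitPemBundle(bundlePem);
  if (ca.length === 0) {
    // Fail at startup instead of silently serving an incomplete chain.
    throw new Error("no CERTIFICATE blocks found in intermediate bundle");
  }
  return { key: keyPem, cert: certPem, ca: ca };
}

// Constructed sample: two placeholder blocks, the second with CRLF endings.
const SAMPLE_BUNDLE = [
  "# intermediate (constructed placeholder)",
  "-----BEGIN CERTIFICATE-----",
  "QUFBQQ==",
  "-----END CERTIFICATE-----",
  "",
  "# second intermediate (constructed placeholder)",
  "-----BEGIN CERTIFICATE-----\r",
  "QkJCQg==\r",
  "-----END CERTIFICATE-----\r",
].join("\n");

console.log(splitPemBundle(SAMPLE_BUNDLE).length + " certificate blocks found");

// Usage with real files (paths are placeholders):
//   var read = require("fs").readFileSync;
//   var opts = buildHttpsOptions(read("server.key", "utf8"),
//                                read("server.crt", "utf8"),
//                                read("chain.crt", "utf8"));
//   require("https").createServer(opts, app).listen(443);
```
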