You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a .PFX file is generated for use in Central SSL, this PFX contains only the new certificate, but not the root and/or intermediate. SSL Labs (and some apps) likes that servers sends full chain.
To 'solve' this, I'm importing and exporting the pfx file using powershell, with option "-ChainOption BuildChain".
That's a good one, agreed that it shouldn't be neccesary to do this with a script. Recently I've improved certificate chain handling for the other stores, but somehow this one slipped my mind. It will be fixed in the next release.
When a .PFX file is generated for use in Central SSL, this PFX contains only the new certificate, but not the root and/or intermediate. SSL Labs (and some apps) likes that servers sends full chain.
To 'solve' this, I'm importing and exporting the pfx file using powershell, with option "-ChainOption BuildChain".
Example: Generate certificate:
& wacs.exe $test --csr ec --reuse-privatekey --target manual --host "example.com" --store centralssl --centralsslstore $CentralSSLPath --pfxpassword $CentralCertPass --validation filesystem --webroot $validationPath --emailaddress $email --accepttos --force --usedefaulttaskuser
Exemple: Build chain:
In renew, this 'full' .PFX is lost and I must do it again...
I know that I can create an installation script to do this, but win-acme could do this unattended for everyone :)
The text was updated successfully, but these errors were encountered: