Request: Add full chain in .PFX (Central Certificate Store)

[art-b-d]

When a .PFX file is generated for use in Central SSL, this PFX contains only the new certificate, but not the root and/or intermediate. SSL Labs (and some apps) likes that servers sends full chain.

To 'solve' this, I'm importing and exporting the pfx file using powershell, with option "-ChainOption BuildChain".

Example: Generate certificate:
& wacs.exe $test --csr ec --reuse-privatekey --target manual --host "example.com" --store centralssl --centralsslstore $CentralSSLPath --pfxpassword $CentralCertPass --validation filesystem --webroot $validationPath --emailaddress $email --accepttos --force --usedefaulttaskuser

Exemple: Build chain:

$localCert = $CentralSSLPath+$site+'.pfx'
$mypwd = ConvertTo-SecureString -String $CentralCertPass -Force -AsPlainText

$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($localCert,$CentralCertPass, "Exportable,PersistKeySet,MachineKeySet")
Export-PfxCertificate -Cert $pfx **-ChainOption BuildChain** -FilePath $localCert -Force -Password $mypwd

In renew, this 'full' .PFX is lost and I must do it again...

I know that I can create an installation script to do this, but win-acme could do this unattended for everyone :)

[WouterTinus]

That's a good one, agreed that it shouldn't be neccesary to do this with a script. Recently I've improved certificate chain handling for the other stores, but somehow this one slipped my mind. It will be fixed in the next release.