SSL Labs reports incomplete certificate chain
Information
| Summary: |
This article will cover how to download an alternate certificate chain from SSL Labs |
| Environment: |
Product: LoadMaster Version: Any Platform: Any Application: Any that will allow for certificates to be used. |
| Question/Problem Description: |
I installed the new certificate and also two intermediate certificates and the root certificate the same way as the old cerificates. Everything looked fine. I didn't see an error from the LoadMaster or issues with any browser. But then most Android devices could not connect to the Virtual Service anymore, SSL Labs said the chain was incomplete, and Microsoft Connectivity Analyzer had problems with the SSL handshake. I installed the same certificates on another server and have no problems there, so I must have done something wrong on the LoadMaster. |
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | |
| Enhancement Number: | |
| Cause: | This happens when SSL Labs detects an alternate chain for the certificate than what's provided on the LoadMaster. |
| Resolution: |
Download the alternate chain from SSL Labs, as shown here: Once downloaded, import the certificate as an Intermediate Certificate, as outlined here: https://support.kemptechnologies.com/hc/en-us/articles/360004578192 |
| Workaround: | The alternate chain can also be obtained from the CA's website. |
| Notes: |