SSL Labs reports incomplete certificate chain
This article will cover how to download an alternate certificate chain from SSL Labs
Application: Any that will allow for certificates to be used.
I installed the new certificate and also two intermediate certificates and the root certificate the same way as the old cerificates. Everything looked fine. I didn't see an error from the LoadMaster or issues with any browser.
But then most Android devices could not connect to the Virtual Service anymore, SSL Labs said the chain was incomplete, and Microsoft Connectivity Analyzer had problems with the SSL handshake.
I installed the same certificates on another server and have no problems there, so I must have done something wrong on the LoadMaster.
|Steps to Reproduce:|
|Cause:||This happens when SSL Labs detects an alternate chain for the certificate than what's provided on the LoadMaster.|
Download the alternate chain from SSL Labs, as shown here:
Once downloaded, import the certificate as an Intermediate Certificate, as outlined here: https://support.kemptechnologies.com/hc/en-us/articles/360004578192
|Workaround:||The alternate chain can also be obtained from the CA's website.|