Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

SSL scan to show certificate chain length

 

Information

 

Summary:

Wanted to know why the ssl scan to site through the virtual service had a shorter cert chain compared to the scan direct to the server.

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

Running a scan to both hosts (one direct to server and the other to their virtual service) shows a different in certificate chains.

There is already an intermediate certificate installed on the loadmaster to cover any possible incomplete certificate chain issues

Steps to Reproduce: Run a scan to the site hostname using an ssl scanner such as ssllabs or sslshopper
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: Server just happens to use different intermediate certificates for the chain of trust, but this is not inherently an issue as long as the scan to the VIP shows a valid, and complete chain of trust.
Resolution:
  • Judging by the scan that was done via ssllabs, it does not appear any intermediate/root certs need to be currently added.
  • Ran a scan to the site using Qualys SSL Labs scan, and that returned an "A+" rating, with no apparent SSL cert chain.
  • The intermediate certificate currently installed looks to be sufficient enough already.
Workaround:  
Notes:

https://www.ssllabs.com/ssltest/ 

https://www.sslshopper.com/ssl-checker.html


Was this article helpful?
0 out of 0 found this helpful

Comments