Portal Home > Knowledgebase > Articles Database > comodo chain order, and include CA root?


comodo chain order, and include CA root?




Posted by Etian, 03-26-2015, 04:14 PM
I can't believe you can get a 3-year certificate for $15 (That's about what I always thought they should cost.) But with no instructions and no support, I guessed on appending them in the following order for the actual stunnel certificate: my_site_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt I've tried both with and without the final CARoot, and either way it passes the certificate checkers on various sites. But when I test with openssl s_client -connect, without he CARoot I get the error message: error:num=20:unable to get local issuer certificate And with the CARoot added, I get: error:num=19 self signed certificate in certificate chain Which way will cause the least problems for clients?

Posted by AlphaHostLV, 04-05-2015, 07:38 AM
I found out that different browsers requires different chains. For example Firefox on Windows is fine with just one your_domain_.crt And Chrome on Android requires full chain in this order: your_domain_.crt Comodo RSA Domain Validation Comodo RSA Certification Authority



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
restricted RDP login (Views: 579)
25K (Views: 648)
2host networks issues? (Views: 675)

Language: