Portal Home > Knowledgebase > Articles Database > comodo chain order, and include CA root?
Posted by Etian, 03-26-2015, 04:14 PM I can't believe you can get a 3-year certificate for $15 (That's about what I always thought they should cost.) But with no instructions and no support, I guessed on appending them in the following order for the actual stunnel certificate: my_site_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt I've tried both with and without the final CARoot, and either way it passes the certificate checkers on various sites. But when I test with openssl s_client -connect, without he CARoot I get the error message: error:num=20:unable to get local issuer certificate And with the CARoot added, I get: error:num=19 self signed certificate in certificate chain Which way will cause the least problems for clients?
Posted by AlphaHostLV, 04-05-2015, 07:38 AM I found out that different browsers requires different chains. For example Firefox on Windows is fine with just one your_domain_.crt And Chrome on Android requires full chain in this order: your_domain_.crt Comodo RSA Domain Validation Comodo RSA Certification Authority
Add to Favourites Print this Article