SSL certificate chain order

Contrary to what you may find on the Internet, the trust chain of ssl certificate is actually from BIG to small.
It may not be matter to some browsers but matters to others. I installed the chain in reverse order but chrome and IE don’t complain. Firefox is more picky.

The merge command line goes like

COMODORSADomainValidationSecureServerCA (intermediate) > COMODORSAAddTrustCA (intermediate) > AddTrustExternalCARoot (root)

Resulting something like

<signer for your cert signer>
<your cert signer>

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.


No comments yet.

Leave a comment