troubleshooting Question

Export SSL certificate with Root CA and Intermediates chain (full chain)

Avatar of Vas
VasFlag for United States of America asked on
Windows Server 2008Windows Server 2012SSL / HTTPS
3 Comments1 Solution2298 ViewsLast Modified:
We are trying to get an SSL certificate correctly working on an external service/security device where SSL terminates, which then sends traffic to the web servers here.

The certificate is a GoDaddy certificate. We have it working now where everything passes on the SSL test, except the Root CA is missing, so this is what we're trying to fix.

We haven't yet uploaded our SSL cert directly to the security device/service, it initially pulled the cert from the live web site somehow. But since the Root CA is missing we need to find a solution, the device does accept directly uploading certificate files in .pfx, .pem and .cer formats.

Would exporting the SSL cert from Windows as a .PFX, and enabling the option below include the Root CA, or only the Intermediaries? :

- Include all certificates in the certification path if possible



Last question, as possibly we can merge into one file all the certificates needed.. the security device accepts .PEM format so I'm wondering if taking the .PEM I have (used OpenSSL to export the .PFX to PEM) and then pasting into that .PEM file the root CA cipher code, and the Intermediate cipher code(s) -  and then uploading that one .PEM file do the trick? Or can a .PEM only have one certificate contained.  The .PEM I have has some header stuff before the ------BEGIN CERTIFICATE---- part.


Problem is this site is now live and in production, using this security device/service so I'm not going to have much time to play around as I will be disrupting the site once I start this troubleshooting. So hoping someone has some experience with these things so I can have some files ready to try and complete this as quickly as possible.


Thanks
ASKER CERTIFIED SOLUTION
David Johnson, CD
The More I know, the more I don't know
Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros