Jump to content
Welcome to our new Citrix community!

Certificate Chain Incomplete.


Recommended Posts

Hi All,

I am getting a strange issue. We are running Citrix ADC 5901 on release 13.1 Build 33.52.nc. I ran the ssllabs test against it after we upgraded the firmware and our score dropped to a B. It says we have an incomplete certificate chain. this is strange because I am sure I ran the test against the older firmware and I got an A. The complete chain is there so not sure why it says the chain is now incomplete. Anyone else have this experience?

Link to comment
Share on other sites

  • 1 month later...

So, use your browser to look at the certificate chain, as seen by a browser: is it ok, or is it incomplete? Just because your browser doesn't show an error when it connects doesn't mean the chain is good (your PC may contain intermediate certs).

 

Also remember that, whilst most Server Certs issued just need a single intermediate cert, some need a chain of TWO intermediates. If that's the case, on the Netscaler, having linked the server cert to the 'lower' intermediate cert, you now need to also link that 'lower' intermediate to the 'upper'  intermediate cert.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...